What is it?
PSD 2 Consulting – Adjustment and Compliance
The PSD2 directive (Payment Services Directive 2) is European Directive 2015/2366 on payment services in the internal market, which came into force in January 2018. It has opened the doors of the banking world to fintech players while also standardizing digital payment systems.
The directive includes technical requirements for making IT services and infrastructure secure. Safecore's experts, with a strong IT security background, can provide the necessary advice to companies that intend to implement it.
The directive ranges from the use of new payment options to the limitation of interchange fees, from the regulation of proprietary payment instruments to the supervisory provisions that payment institutions must comply with, and from security measures for online access to bank reports to the protection of customer funds. It also makes it possible for entities completely unrelated to the banking and financial world to enter the world of payments. This has been an interesting opportunity especially for companies in the fintech segment, which can now act in a similar way to banking institutions, provided they comply with PSD2.
PSD 2 certification: the goal
The main objective of the directive is to improve the protection of consumers using payment services, increase transparency and security, and foster efficiency and innovation in a rapidly expanding sector, which often lacks adequate regulation. PSD2 therefore aims to stimulate more intense competition in the payments market and facilitate access to bank account information.
What to Expect
Companies providing payment services must comply with the deadlines set out in the calendar for planned adjustments. Those that aspire to enter the market must instead design their services and infrastructures so that they fully respect the established criteria, following an approach that we could call 'PSD2 by design'.
Recognizing the growing transition from physical to electronic money, the PSD2 directive has integrated and regulated these new realities, known as PISPs (Payment Initiation Service Providers), regulating their entry into the market and at the same time offering new opportunities to businesses born in the digital era. In this scenario, the key element of every financial service is the information system on which it is based.
The directive includes numerous rules for the security of services and infrastructures. These must be observed by all operators that provide or plan to provide banking or financial services, whether they are companies with consolidated experience in the banking and financial sector or start-ups intending to exploit the new business opportunities provided by the directive itself.
How does the PSD Directive 2
PSD2 consultancy translates into the development, implementation and management of security systems and solutions, which cover physical, logical and organizational aspects, to ensure at least the degree of protection prescribed by the directive in relation to the type of activity carried out.
What does the intervention of Safecore's consultants involve?
The support offered by Safecore therefore follows the same methodological scheme used for any other regulatory adaptation and may include:
- assessment of the applicability and methods of application of the directive;
- gap analysis and definition of the intervention plan;
- consultancy in the selection and implementation phase of the technological solutions to be adopted;
- consultancy, training and security assessment in the application field;
- support in defining the organizational structure;
- document drafting;
- support in the preparation of accreditation practices.
The extent of the support depends on the type of services provided by the customer, which must comply with PSD2 in order to be provided in accordance with the law.
Why should you choose Safecore?
The Safecore team is made up of people who have always been passionate about challenges, especially those related to IT security. Its extensive experience in important contexts such as banking and insurance, together with the team's heterogeneity and strong bond, makes Safecore an excellent preventive weapon.
Over time, the team has acquired strong problem-solving skills and a habit of thinking outside the box (“Think Outside The Box”), which have proved vital for achieving excellent results.
The Safecore team is highly qualified and boasts various certifications recognized at company level, including:
- OSCP (Offensive Security Certified Professional)
- OSWE (Offensive Security Web Expert)
- eWPT (eLearnSecurity Web application Penetration Tester)
- eMAPT (eLearnSecurity Mobile Application Penetration Tester)
- eJPT (eLearnSecurity Junior Penetration Tester)
- eCDFP (eLearnSecurity Certified Digital Forensics Professional)
- ISO 27001 Lead Auditor
- ISO 22301 Lead Auditor
Our methodology
Safecore has developed a holistic approach that consists of the periodic analysis of the risks coming from the three fundamental components of an organization: PEOPLE, PROCESSES and TECHNOLOGIES.
- implement security policies to protect all personnel, internal and external, involved in the provision of services;
- include security principles in all company processes, in compliance with "Security by design";
- verify the security of all the technologies adopted within the organization, with particular reference to those dedicated to the provision of services.
The journey through time with Safecore
Safecore also offers consultancy in the subsequent phases, for updating personnel and maintaining the necessary requirements over time.
In particular, Safecore's services include:
- definition of the scope of the ISMS in the first implementation or expansion phase;
- gap analysis and definition of the intervention plan;
- consultancy in the implementation or certification phase for the resolution of any non-conformities;
- drafting of the documentation;
- risk analysis;
- support for internal audits;
- review activities;
- training;
- coaching during the audits of the certifying bodies.
We also assist companies in revising their organization or corporate objectives, following the issue of new versions of the standard, or in the adoption of new standards dedicated to specific sectors. Last but not least, we support the integration of the ISMS with other management systems (ISO 9001, ISO 20000, COBIT, etc.) or with corporate compliance (231, GDPR, PCI DSS).
Who can benefit?
All entities involved in one of the activities that fall within the scope of the PSD2 directive: banks, already authorized payment service providers, TPPs (Third Party Payment service providers), PISPs (Payment Initiation Service Providers) and AISPs (Account Information Service Providers), and more generally companies and startups operating in fintech, or companies that intend to include digital payment services among their activities.