PSD2 became law in all 28 countries of the EU on the 13th January 2018. Banks are now required to open their customer data securely to third party payment service providers (TPPs). KAL software can help banks and TPPs become compliant.
What banks must do
One of PSD2’s requirements is that banks make it possible for TPPs to access customer data securely using Strong Customer Authentication (SCA). This makes it easier and cheaper for consumers to transfer funds and make payments. With PSD2 payments, each transaction must be explicitly authorized by the consumer using their SCA credentials. Only the consumer is able to do that – and a hacker can't replicate this process using stolen information, as the credentials are unique each time.
Strong Customer Authentication (SCA)
SCA is an integral part of the new era of Open Banking. Under the EBA’s Regulatory Technical Standards (RTS), banks must comply with and create a secure execution environment using multi-factor authentication. That process must include at least two of the following three factors:
Smart device or card
PIN or password
KAL’s Open Banking solution
KAL’s server technology is able to expose a secure API that allows SCA-compliant transactions to be carried out by TPPs.
KAL’s API-Server Powered by KTH is designed to be installed in a bank’s data center with support for dual-data center architectures and secure hardware devices such as HSMs.
The API-Server is managed and monitored using KAL’s KTC management system. It enables banks to navigate the transition into open banking easily while meeting the regulatory requirements.
Why should banks choose KAL?
KAL is recognized as a world-leading ATM software company: its software drives hundreds of thousands of ATMs in more than 80 countries.
For well over a decade, ATMs around the world have been using a two-factor authentication method – better known as EMV – to authorize transactions.
This means KAL software is ready and deployed today to handle the SCA-compliant mechanisms required by PSD2.
For over 25 years, KAL has delivered highly scalable secure transaction processing software
Highly customizable and can be adapted to legacy systems or integrated into a bank’s digital strategy
Easy to implement and does not require a bank to design its own solution
Timeline for PSD2 and RTS
Source: European Payments Council
13 January 2018
PSD2 enters into effect, with the main exception of the security measures described in the RTS.
By 27 February 2018
The European Parliament and the European Council approve (or reject) the final RTS.
In September 2019
18 months after their publication in the Official Journal of the EU, the RTS apply.