Psd2 challenges
Download as PPTX, PDF0 likes139 views
PSD2 challenges for open API economy. Key PSD2 milestones are March 14, 2019 for sandbox testing and September 14, 2019 for production. PSD2 requires solutions for intelligent counter fraud, customer consent management, TPP registration and identification, fallback mechanisms, and standards-based open banking APIs. IBS Bulgaria provides solutions like the IBM integration portfolio, DataPower gateway, Safer Payments platform, and a PSD2 open API portal to help banks meet these PSD2 requirements.
Psd2 challenges
- 1. PSD2 challenges for open API Economy Goran Angelov CEO, IBS Bulgaria
- 2. IBM Platinum BP Experts in Power, Storage & Cloud Integration Specialists in 30M Turnover in 2018 Team of 80+ Establishe d in 2003 Who we are?
- 3. 14.03.2019 SANDBOX 14.09.2019 Productio n 7 Days to Sandbox 6m & 7days to Production PSD2 – key milestones • Key milestones for PSD2 Open API Portals: –14.03.2019 Sandbox portals with fully functional test environment and official API’s –14.09.2019 Fully functional productive API portals * Bank has to provide notification to TPP at
- 4. PSD2 Open API Portals • API Catalog • PSD2 API’s documentation + code snippets, and example operations • Register TPP App (get client secret) • Sign-up for API with API Plan (free for PSD2) • Test you App • Promote to Production Explore https://developer.dskbank.bg Get manual: https://developer.dskbank.bg/download/file/fid/29
- 5. Intelligent Counter Fraud and SCA SLA and fallback mechanism TPP Register and TPP certificates (eIDAS) Custome r Consent s manage ment PSD2 Challenges and specifics API Standards and local specifics
- 6. Consent Management for PSD2 • Onboarding in TPP App requires customer electronic consent • Bank should be able to check the validity of the electronic consent for each particular transaction • Bank has to provide the end user with the opportunity to manage his electronic consents OAUTH2 with Redirection This will be the most popular process for customer onboarding and SCA procedure.
- 7. Public Register Every PSD2 service provider and bank is authorized in their home country by the financial supervisory competent authority to provide services listed in the PSD2 directive. Information about this is published in the public registry and this registry is the main source of information. • Certificates • Qualified Certificates supporting PSD2 will include information about the authorization number of the Payment Service Provider, its home country’s supervisory competent authority and its roles TPP Certification and Identification *yet to come in production
- 8. Open Banking APIs need standards However, there are always local specifics!
- 9. • Provides end-point for all interactions and AAA security • Provides back-end bank services orchestration • Provides API Portal, API Management, API Policies and Analytics IBM Integration portfolio 9 +90% of banks in Bulgaria will use IBM Integration Portfolio for PSD2 infrastructure either on-premise, either As-a-Service or mixed
- 10. AAA Security - Authentication - Authorization - Audit • All outbound/inbound services pass through DataPower - for security and governance IBM DataPower Gateway Advanced security appliance
- 11. PSD2 requires Intelligent Counter fraud solution in order to allow payments under €500 to be secured using transaction risk analysis without SCA. Managing payment security for PSD2 has implications for consumers who are using banking and card services to make payments. Payment service providers that don’t manage the customer communications process well could lose customers as a result. • Intelligent Counter Fraud • Third generation counter fraud management which uses interactive machine learning from past data and applies behavior based models. • Should be applied for all transaction channels in order to get unified customer experience Intelligent Counter Fraud
- 12. Best of both worlds – use any open source and any vendor machine learning and artificial intelligence platform/product – without the drawbacks A specific function provides training and verification data for “external” model training just as it does for the “internal” model training The scoring models can be used in any combination of other model components using the virtual simulation “sandboxes” • The most open data science platform for payment fraud prevention in the marketplace • Secure by design – The only PCI DSS compliant solution. PCI PA-DSS certified (annually) – currently PCI PA-DSS standard 3.2 on RHEL IBM Safer Payments
- 13. Under PSD2, banks will be required to put in place a so- called “fallback mechanism”, which Third Party Providers (TPPs) can rely on if dedicated interfaces are unavailable for more than 30 seconds for 5 consecutive requests, or if they did not meet the general operational requirements set out in the RTS. • Such a fallback mechanism will consist of opening up the ASPSP’s user-facing interface as a secure communication channel for payment initiation and account information services • However: • - this does not exclude digital consent from customer • - this does not exclude identification and authorization of the TPP SLA and fallback interface
- 14. PSD2 API Applications - to explore - test - collaborate • Swagger API according to Berlin Group NextGenPSD2 X2A standard and local standard BISTRA PSD2 Open API Portal from IBS Visit: https://developer.ibs.bg/psd2/
- 15. Simulated test environment • TPP Test Application • Test eIDAS TPP certificates • Test SCA application • Fully functional SandBox with simulated real operations
- 16. Q&A Goran Angelov CEO IBS Bulgaria Mobile: +359 888 237178 g.angelov@ibs.bg https://www.linkedin.com/in/goranangelov/
- 17. M A K I N G Y O U R D A Y IBS Bulgaria I ibs.bg 2019