Global
Africa
South Africa
Albania
Australia
Austria
Belgium
Bosnia Herzegovina
Bulgaria
Canada
Canada FR
Croatia
Czech Republic
Denmark
Estonia
Finland 
Finland (English)
France
Germany
Hong Kong
Hungary
Iceland
India
Indonesia
Ireland
Israel
Italy
Kosovo
Latvia
Lithuania
Malaysia
Middle East
Montenegro
Netherlands
New Zealand
North Macedonia
Norway
Philippines
Poland
Portugal
Romania
Saudi Arabia
Serbia
Singapore
Slovakia
Slovenija
Spain
Sweden
Switzerland DE
Switzerland FR
Thailand
Turkey
USA
Ukraine
United Kingdom
Vietnam
PSD2 Directive: Are you ready to manage public API interfaces?
[vc_row][vc_column][vc_column_text]
There is little time left until the deadline for full implementation of the EU directive aimed at driving a huge leap in European digital economy. PSD2 Directive is expected to have a tremendous impact on the future of financial institutions by opening the payments market to not only existing IT giants like Apple, Google and Facebook, but also new FinTech startup companies.
This is the second Payments Services Directive – coming into force on 13 January 2018 – updating and amending the initial 2007 version of the PSD Directive which created the legal basis for a single payments market in the European Union. The main objectives of this Directive are the integration and optimization of the European payments market, driving innovation and competitiveness and facilitating electronic payment security. However, most talked-about change that has been the top agenda at all bank meetings across Europe in the preceding months is the obligation of banks to open their APIs to authorized payment services providers (so-called Third-Party Providers – TPPs) and give them access to customers’ accounts. This means that most financial institutions will have to acquire API management gateway systems for managing API interfaces and calls, with emphasis on high security levels that such systems have to provide.
BASIC REQUIREMENTS
Requirements imposed by the new PSD2 Directive can be summarized in 3 basic points:
- Provide secure access to Third Party Providers (TPPs) which need to collect customers’ account data for payment purposes
- Authorize a specific business entity as a third party for the provision of payment services, as chosen by the end customer, which may include FinTech and retail companies, telecommunication services providers and other providers of transaction services (e.g. PayPal)
- Third Party Providers (TPPs) have to directly access two aspects of any bank account:
- Account data and transaction data
- Authorize payments directly from the account
RED HAT 3SCALE API MANAGEMENT PLATFORM
Why Red Hat 3Scale? Because 3scale API Management platform solves all of the above-mentioned challenges faced by not only financial institutions but also third-party payment services providers. Red Hat® 3scale API Management makes it easy to share, secure, distribute, control, and monetize your APIs, offers highest-level security and you can place it on any infrastructure – on-premise, in the cloud, or on any combination of the two (hybrid-cloud). Following requirements are stipulated under the PSD2 Directive and successfully handled by the 3Scale API Management platform:
[one_third]PSD2 REQUIREMENTS[/one_third][one_third] [/one_third][one_third]3SCALE FEATURES
[/one_third]
[one_third]Powerful authentication methods for protecting electronic payment transaction channels[/one_third][one_third] ——-> [/one_third][one_third]Various OAuth authentication scenarios for different applications[/one_third]
[one_third]XS2A requires end user authentication, 2-factor authentication (2FA), and user consent[/one_third][one_third] ——-> [/one_third][one_third]Support for OpenID authentication[/one_third]
[one_third]PSD2 allows third parties to monetize different scenarios and interactions[/one_third][one_third] ——-> [/one_third][one_third]Built-in billing module, ready for integration with different systems[/one_third]
[one_third]Payment services provider is obligated to establish a risk management system and regularly report risk assessments to the regulator[/one_third][one_third] ——-> [/one_third][one_third]3scale ensures security reports on demand and without delay[/one_third]
[one_third]Provide simple API Explorers so both developers and other business teams can interact with APIs in test and production scenarios[/one_third][one_third] ——-> [/one_third][one_third]Interactive documentation included in the world’s largest development environment and documentation generation system – Swagger (Open API)[/one_third]
[/vc_column_text][vc_separator][/vc_column][/vc_row][vc_row][vc_column][vc_column_text]
Want to learn more? Contact us!
[/vc_column_text][/vc_column][/vc_row]
