The PSD2 deadline for banks to have a testing sandbox environment set up is fast approaching. For financial-grade specifications, they are working to model APIs for security and privacy, including protection with secure OAuth tokens and REST/JSON data schema recommendations. It’s how quickly companies can realistically achieve it. Read the blog to understand these considerations and how Ping Identity can help. STET is actively collaborating with many stakeholders and other standardization initiatives across the EU for the sake of having a high quality PSD2 API that will satisfy all European actors. Which API format are you adopting? European regulator offers limited extension on PSD2 secure payment deadline June 21, 2019 The European Banking Authority said it has agreed to a limited extension on the Sept. 14th deadline for compliance with Strong Customer Authentication under the PSD2 Payment Service Directive, which will increase authentication requirements for digital transactions, according to a release from the body. PSD2 deadline extension signals “lack of preparedness” among banks. Huge network complexities and costs would ensue if every bank developed their own proprietary API interface. In a nutshell, PSD2 simultaneously massively increases the amount of financial data moving into banks’ systems while als… According to an August 2018 survey, 67% said they are “extremely concerned” or “very concerned” about data privacy using fintech apps, and 56% said they would like to control which of their financial accounts and data types can be accessed by any third party. The most common critique of PSD2 is that it forces banks to provide open APIs, but it doesn’t specify a standard format for APIs across the EU. It relies on ISO20022 elements for structuring the data to be exchanged between TPPs and ASPSPs. That’s why several initiatives across Europe and elsewhere are helping specify and standardize API formats. Meanwhile, please continue to communicate and align closely with your PSP/Gateway/Acquirer who will be able to advise you of the processing possibilities and options available to you within the card brand guidelines for MIT and under the regulation of PSD2 SCA. PSD2 came into force on September 14, 2019. Now banks are nearing the first of two deadlines to comply with regulatory technical standards imposed by PSD2. Ready or Not, Here Comes the First PSD2 Deadline The deadline for all EU member states to transpose the Revised Payment Services Directive into national law was over a year ago on 13 January 2018.Now banks are nearing the first of two deadlines to comply with regulatory technical standards imposed by PSD2. However, the deadline came and went and the directive has yet to come into force, as the UK pushed back the deadline for compliance by 18 months in order to give banks more time to prepare. The Berlin Group’s NextGenPSD2 Framework The Berlin Group, a European coalition of banks and payment processors, has created the Access to Account (XS2A) framework based on the PSD2 and EBA RTS requirements. The new PSD2 directive is a fundamental piece of payment legislation in Europe. The 14 th of September was supposed to be the day that the last part of the Payment Services Directive, or PSD2, was rolled out across the EU.. It’s important that you evaluate your existing access management and security components to make sure they are specifically capable of protecting API resources since most legacy WAM systems aren’t. Many have created platforms or provide an API layer/portal, often as a managed service with all the PSD2-compliant APIs you need to have by the deadline. It was to go into effect on 14 September 2019. What happens if you don’t meet the PSD2 deadline? NO. Why the PSD2 deadline was extended? STET’s PSD2 API Owned by six major banks in France, STET has created PSD2 API v1.4 to provide a secure and easy-to-use set of services to be implemented on the server side by European ASPSPs. In particular, the PSD2 covers the following three types of services: 1. payment initiation services, which help consumers make online payments and inform the merchant immediately of the payment initiation, allowing for the immediate dispatch of goods or immediate acce…