Ensuring payment service compliance
In addition to traditional PCI DSS assessments and PCI PA-DSS development, fix and validation services, we offer a range of information security services to help achieve compliance.
The list below describes some of the most typical findings in PCI compliance assessments, together with the services that can efficiently help to remedy the deficiencies:
- Patch and continuity management processes do not cover all systems within the compliance scope
- Poor management of administrative accounts
- System audit trail is insufficient
- Documentation is not up to date
- Strong, but easy end-user authentication
Payment Services Directive (PSD2)
The new EU Payment Services Directive opens up the marketplace to a new breed of service providers in addition to traditional financial institutions and payment service providers. The directive will be put into practice at the latest at the beginning of 2018, and it aims to benefit consumers and eCommerce merchants by decreasing the costs of payment transactions, making room for healthy competition and increasing innovation in new services. To accomplish these aims, the directive sets new requirements, for example for banks: banks need to make customer account and balance information accessible to external Payment Service Providers (PSPs).
Other service providers receive requirements as well, for example to authenticate the customer using a strong method before transactions (the KYC, know-your-customer process).
When renewing or designing services under the new directive, we recommend the following in order to adhere to the directive’s information security requirements:
- Threat modeling
- Including information security as part of software development
- Setting and auditing information security requirements for external service partners and suppliers
- API protection, security audit and monitoring. Read more: Information Security Inspection and Nixu Cyber Defense Center