Track And Field Event Illustrating Fintech Makers Adjusting Their Positions In The Starting Blocks Before The PSD2 Launch

Securing AISP and PISP Apps After PSD2

If the launch of the Payment Services Directive (PSD2) marked the opening of a track and field event, then Fintech makers would be like runners adjusting their positions in the starting blocks. PSD2 does not officially come into play unto September 2019; however, banks will have to offer up their Application Programming Interfaces (APIs) to Third Party Providers (TPPs) for testing and integration six months before the PSD2 implementation date.

During 2018, then, banks and TPPs offering these mobile payment services need to ensure their applications and underlying customer account data are secure against cyber attack in light of the EU’s May 2018 implementation of the General Data Protection Regulations (GDPR). GDPR penalties for data breaches will fall heavily on service providers. That’s why Fintech companies that compete for consumers through PSD2 need to include Application Shielding and RASP technology in their portfolio of cybersecurity tools.

Open Season for Fintech Makers

Model showing examples of AISP and PISP servicesPSD2 liberalizes services currently dominated by banks. The regulation will permit Account Information Service Providers (AISPs) and Payment Initiation Service Providers (PISPs) to offer financial products that traditional financial institutions bundle with conventional banking customer services. Banks have been working to make their AISP and PISP offerings more competitive in light of the imminent entry of TPPs.

An AISP uses a customer’s account information to consolidate the consumer’s financial information in one place. An AISP user might want to consolidate their banking transactions across institutions, insurance payments, and savings vehicles to help them keep track of their spending or plan their finances. Recent entrants into this service line include Bud and Money Dashboard.

A PISP is an online payments company that offers an alternative platform for card or online banking. For instance, mobile app Chip uses A.I. to calculate how much users can save each month. The app then automatically deposits the amount into a savings account. Another app called Squirrel divvies up your salary into bills, savings and a weekly allowances to help with budgeting.

What’s At Stake?

An Accenture UK and Ireland survey — in partnership with the University College Dublin (UCD) Marketing Development Programme — revealed some key insights into the potential of PISP and AISP services, including:

  • More than 50 percent of consumers will use a PISP product that is secure and offers extensive retail options.
  • 76 percent of consumers are likely to choose traditional banks as their PISP over third-party PISPs.
  • One in three debit card payments and one in 10 credit card payments are expected to move to PISP by 2020.

How to Secure AISP and PISP Apps

Banks and TPPs need to be aware that the EU’s GDPR requirements are in place to protect consumer privacy. The EU will handle any breach or loss of customer data due to a cyber attack with the utmost gravity. One of the most effective means of protecting apps and the data they manage is through Application Shielding and RASP technology.

The technology guards against:

  • Attacks that occur while apps are running;
  • Block against unauthorized access;
  • Changes to application programming code to subvert equipment;
  • Reverse engineering software to discover vulnerabilities;
  • Damage to vendor brand and reputation due to cyber intrusions;
  • Intellectual property theft.

It also protects apps against the most common means through which hackers extract critical user information: Keyloggers, Spyware and Malware.

  • Keylogger protection alerts application managers that the device is attempting to insert an unauthorized keyboard overlay in place of a valid keyboard layer.
  • Spyware subverts the flow of applications as it captures the keystrokes and even takes snapshots of screens. The security technology will alert the app provider of the attempted changes to application processing and even blocks spyware activity.
  • It also blocks the activities of malicious payloads downloaded through phishing links. Often, the malware attempts to root mobile device Operating Systems to give complete control of the machine to hackers.  

While PSD2 offers new opportunities to Fintech in the EU marketplace, legitimate app makers need to design cybersecurity into their products from the outset. After all, it’s no good being “first off the block” if you stumble while running the course.