PSD2 Compliance

As the trusted security partner to the world’s leading banks, we provide expert industry and technical guidance for PSD2 compliance

PSD2: Are You Ready for Strong Customer Authentication?

The EU Payments Services Directive (PSD2) contains requirements related to Strong Customer Authentication (SCA). Financial institutions must comply with these requirements by September 2019. However, specific Payment Service Providers (PSPs) could qualify for an exceptional extension in the context of card payments for e-commerce according to a recent EBA Opinion.

Need Answers fast? Ask the PSD2 Expert.

Visit the PSD2 Questions & Answers Forum and receive rapid responses to all submitted questions

Compliance Criteria

Five security criteria that must be fulfilled to achieve PSD2 compliance

Mobile device with a thumbprint and a one-time password

Strong Authentication

Authentication must be based on two or more factors, including passwords or PIN, tokens or mobile devices, or biometrics


Transaction Risk Analysis

Mandates the use of transaction risk analysis to deter fraudulent payments


Replication Protection

PSD2 mandates the use of dedicated mobile app cloning counter-measures in applications

Transaction Validation

Dynamic Linking

For payment transactions, the authentication code must be dynamically linked to both the amount and payee


Independent Elements

Payment service providers must adopt security measures to mitigate the risk resulting from compromised mobile devices

Customer Use Case

Learn how the Bank of Cyprus implemented software authentication and transaction-specific one-time passcodes (OTP) to comply with the revised Payment Services Directive (PSD2).

Our Capabilities

Customizable options to meet all your PSD2 compliance needs


Adaptive Authentication

Intelligent authentication solution designed to drive growth by improving the customer experience and reducing fraud


Authentication Software

Extensive authentication software solution suite includes leading biometric, OOB options for frictionless mobile authentication


Mobile App Security

Mitigate malicious attacks and reduce exposure to fraud with our mobile app security solutions, as required by PSD2


Authentication Hardware

Digipass® two factor authenticator tokens deliver strong, cost-effective security


Risk Analytics

Sophisticated risk analytics engine leveraging machine learning to better detect fraud in real time

Customer Use Case

Learn how Raiffeisen Italy implemented mobile authentication & mobile app shielding for PSD2 compliance and ease of use.

Contact Us

Do you have questions about PSD2? Get the information you need, fast

The information on this site is for informational purposes only and does not constitute legal advice. We recommend that you seek independent professional advice. OneSpan does not accept liability for the contents of these materials.