PSD2 TRA revision:
The audit is performed by a certified auditor according to the ISAE 3000 standard and includes:
- Documentation overview
- Review of data capture methods and data integrity
- Review of the algorithm for calculating the risk
Strong customer authentication (SCA) required by PSD2 involves multifactor authentication online to improve security. Many institutions have had difficulty implementing the necessary changes due to the requisite development and implementation of APIs needed to exchange data with other institutions.
The multifactor authentication involves gathering, securing, and sharing two of the following:
- Information the cardholder “knows” (PIN, password)
- Information the cardholder “has,” (token sent to mobile phone)
- Something unique to the cardholder (voice, fingerprint, and other biometrics)
Your successful compliance with PSD2 hinges on connections with other institutions, including fintechs, retailers, and banks. We can review APIs you have put in place or help you fast track the development and implementation of powerful APIs needed to aggregate, encrypt and share account data as required by the law.
Mandatory PSD2 implementation
TRA audit and the audit of security measures are carried out annually with the assistance of the information security expert.
The TRA audit is performed every 3 years by an independent certified auditor.
SIQ can help you bridge the gap between your current controls and the new standards and assist your business by ensuring that you are following PSD2 technical standards. Our experts will help you understand and meet the requirements of the PSD2 Regulation.