eIDAS & PSD2 - The New Payments Industry Paradigm in Europe

The Revised Payment Services Directive (PSD2) is poised to revolutionize the payment services industry. Its underlying principles mean that industry participants will have to innovate in product structuring, service delivery and user experience, and optimize costs, to retain market share.

The PSD2 Directive is supported by other initiatives which promote innovation in customer experience with their own revolutionary leaps in transactional security: The eIDAS Regulation provides pan-European, cross-border mechanisms for customer authentication and ensuring trust while technical standards define just what it means to have Strong Customer Authentication (SCA).

Together, these directives all work towards the singular goal of making the payments industry in Europe safer, faster, cheaper and more convenient. The underlying foundations of all these initiatives are based on the following principles:

  • When it comes to payment transactions, the key elements of Strong Customer Authentication must be achieved. This can be done in multiple ways and requires a combination of something that a user knows, is and has access to.
  • Technological neutrality is at the core of what the eIDAS Regulation and the Regulatory Technical Standards stand for. This means the regulation does not prescribe a specific technical implementation. Neutrality can be achieved through various means to ensure cryptographically secured authentication and this is where tools like Hardware Security Modules (HSMs) can really boost security and efficiency. Utimaco’s CryptoServer CP5 HSM is the first such module in the market to receive the Common Criteria (CC) EAL4+ certification based on eIDAS Protection Profile EN 419 221-5. EN 419 221 specifies a “Protection Profile for cryptographic modules which is intended to be suitable for use by trust service providers supporting electronic signature and electronic sealing operations, certificate issuance and revocation, timestamp operations, and authentication services, as identified by” the eIDAS Regulation.
  • It is not enough just to secure the transactions themselves and prevent unauthorized ones; it is also important to protect sensitive data (like account information, balances etc.) from being leaked.
  • Customer experience and convenience must be placed at the forefront without compromising security. While adding more security can sometimes make transaction initiation cumbersome, these directives are inherently designed to overcome some of the related burden. For example, the accessibility of various bank accounts from one single platform – made available by Account Information or Payment Initiation Service Providers (AISPs or PISPs) under PSD2 – can make managing your finances much easier. So rather than having to remember four distinct passwords for four bank accounts, you just need one password and e.g. a One-Time Password delivered to your phone to access all four accounts through a single portal or app. That is just a very obvious example of the limitless possibilities that PSD2 offers.
  • Monitoring, risk analysis, and regular audits are also key elements of reliable security. Today’s systems can monitor thousands of concurrent transactions in milliseconds and detect suspicious activities. HSMs can provide a much-needed boost in efficiency.
  • There are also provisions for exceptions such as low value transactions, recurring payments, B2B transactions where corporate clients want to use bespoke authentication mechanisms and so on. These might seem trivial, but such exceptions make sense following the 80-20 Pareto principle for low volume or recurring (subscription) payments.

A deeper analysis of all the recent European Directives for the payments industry reveals that there is a great symphony at play here. Companies like Utimaco have recognized this: “With eIDAS, the European Commission is looking to stimulate the digital market in Europe. Being the first HSM vendor certified according to Protection Profile EN 419 221-5, Utimaco helps pave the way for compliant and highly secure trust services today and in the future. These ambitions are also reflected in an increasing number of current and upcoming partner projects.”

The sum total of all of these taken together – EU initiatives and business participation – paves the way for a true Digital Single Market across national borders in Europe, with innovative products and services, improved customer experience and nonetheless appropriate security measures.

About the author

Ulrich Scholten is an internationally active entrepreneur and scientist. He holds a doctorate in information technology and owns several patents for cloud-based sensors. His research on cloud computing is regularly published in renowned journals and conference papers. From 2008 to 2015 he was a research associate at the Karlsruhe Service Research Institute (KSRI), a partnership of KIT and IBM, where he researched network effects related to web platforms together with SAP Research.
