The PSD2 Challenge

Banks and Payment Service Providers (PSPs) operating in Europe are required to comply to Payment Services Directive (PSD2) regulations issued by the European Banking Authority (EBA) to protect customers

In particular, PSD2 requires adoption of Transactional Risk Analysis (TRA) mechanisms to detect in real-time a number of risk factors in a user session and thus minimize the risk of mistaken or fraudulent transactions.

The cost of not implementing PSD2 compliance before the the approaching deadline can be dire, both in terms of penalties and brand reputation. Nevertheless, achieving PSD2 compliance with traditional Fraud Management solutions presents several challenges, including:

  • missing malware detection capabilities for detecting signs of malware infection, either "during the authentication phase" or in any other phase 
  • required application changes that impact application development and thus adversely affect the ability to deliver new business functions
  • long implementation time and huge implementation effort caused by both solution complexity and available integration approach 

How Cleafy Helps

Cleafy protects online services and customers against the most advanced attacks from infected web and mobile endpoints. Cleafy detects in real-time advanced threats and account takeover, identity hijacking, transaction tampering and payment frauds scenarios. Moreover, Cleafy provides threat protection capabilities and effectively supports an adaptive threat response approach.

Cleafy makes it possible to become PSD2 compliat by quickly implementing all required Transactional Risk Analysis (TRA) mechanisms:

  • Deteministic malware detection identifies in real-time any sign of malware infection in all session phases, even before user authentication 
  • Behavioural and transactional analysis identifies any anomalous behaviour, including abnormal spending pattern and payee location   
  • Passive application monitoring approach neither requires any application changes nor impacts the application delivery architecture  

Once deployed, Cleafy delivers immediate benefits, both in terms of reduction of online frauds and improved efficiency of the security team.  

Cleafy introduces a quite unique and unorthodox approach towards threat detection and anti-fraud protection for financial service providers. As opposed to disjointed security products covering individual threat vectors, the company focuses on business and regulatory requirements for banks, e-commerce and other similar companies and offers an integrated, clientless real-time platform that directly integrates with adaptive authentication and incident response solutions most of their customers already have in place due to industry regulations. Directly addressing most of security clauses of the PSD2 directive, Cleafy offers a promising one-stop-shop solution for financial service providers’ regulatory compliance needs.

Alexei Balaganski KuppingerCole