It does not have to be a big headache, because it is more of an opportunity. If managed appropriately, the new regulations will lead to more loyalty and stronger customer relationships rather than problems for the business. In other words, the General Data Protection Regulation (GDPR) and the second Payment Services Directive (PSD2) are good for business.
Privacy, fraud prevention, and security
The core considerations are privacy, fraud prevention, and security. The main reason is that the two previous regulations that GDPR and PSD2 replace are both more than 15 years old (GDPR’s predecessor, the Data Protection Directive, came into effect in 1995, a time when floppy disks had not long since given way to CDs as the data transmission medium of the day).
As such, the two former directives were not able to cope with the ever-changing information industry and the modes and methods that are now used for data processing. As our personal data, and the security of it, has become one of the most important aspects of our lives, new regulations were needed to nudge users and service providers in a safe direction.
Under PSD2, Strong Customer Authentication (SCA) will be required for all remote access to customer accounts (mainly designed to help prevent account access via phishing and other common forms of social engineering). Even though GDPR does not mention SCA by name, a careful review of the law leaves no doubt that if static passwords are left in place and a breach occurs, organisations face financial penalties of up to 2% of global annual turnover under the new rule.
This stems from the requirement that all systems be secured in a manner proportionate to the risks associated with that system and the related data. So, if a system stores vital personal information, say medical records, 2FA appears to be one of the measures that needs to be implemented to ensure data protection that is adequate.
This is an opportunity
While no one likes the idea of potential penalties, nor of incurring major development costs to implement a new piece of technology, this is an opportunity to improve your company and help your customers be more secure online. The main reason is that as data breaches become more and more common, the companies that take data security seriously will be seen as trustworthy. Plus, they will be able to justify their product pricing better, as it includes the development and maintenance costs of a product that is superior with regard to security.
Watch our webinar dedicated to understanding elements of the PSD2 and GDPR as well as how businesses can navigate these new waters in a manner that ends up as a win, rather than a burden. We’ll discuss the major changes to data protection rules, as well as the impact on payment service providers and their partners.
In particular, we'll cover:
● The implications for Strong Customer Authentication
● The European Banking Authority's update to the Regulatory Technical Standards
● The requirement for multi-factor authentication
● Tools that you could use
Since the regulations affect not only businesses operating in Europe but any business with European citizens as clients (even one is enough), you likely fall into one of these categories regarding these regulations:
● Ready to take new regulations by the horns
● Making some progress with compliance, but still trying to understand the big picture
● Unsure of where to start
No matter where you are right now, this webinar will help you better understand what is coming and how to take the next steps, as well as give you a clearer picture of how these changes can be a positive outcome for your business.