This guide summarises the considerations and processes that are necessary to enable Account Servicing Payment Services Providers (ASPSPs) to provide secure and controlled Access to Accounts (XS2A) Services to those Third Party Providers (TPPs) who want to offer the new Payment Services available in Europe under PSD2.
The following subjects are covered:
Audience
This guide is aimed at the following audiences:
- Competent Authorities
- Account Servicing Payment Services Providers (ASPSPs)
- Third Party Providers (TPPs)
- Qualified Trust Service Providers (QTSPs)
References
The full guide cites the following sources:
- ‘Classification of Security Threats in Information Systems’ (Procedia Computer Science)
- The EBA RTS on Strong Customer Authentication & Common Secure Communications Under Directive 2015/2366 (PSD2)
- The General Data Protection Regulation (GDPR)
- The Revised Payment Services Directive (PSD2)
- Internet Security
- Controlled Access
- TPP Onboarding