In recent years significant progress in integrating open banking has been made in the European Union, in particular, in the framework of Directive (EU), 2015/2366 and Commission Delegated Regulation (EU) 2018/389 of 27 November 2017, which further supplemented the legal framework for the provision of payment services.
It was supplemented from the point of view of the previously mentioned open banking and the supplementation of regulatory technical standards for safer execution of transactions and greater transparency of payments.
However, the new rules for credit institutions and electronic money issuers require certain technical changes and regular audits. The basis for conducting audits is in Articles 3 and 1 of Commission Delegated Regulation (EU) 2018/389.
In the first part of the audit, the technical controls on the use of the strong authentication procedure (SCA) are reviewed:
In the next phase, a security audit of the confidentiality and integrity of the security features of the payment service user and the establishment of common and secure open standards for communication between payment service providers are carried out:
Credit and payment institutions using strong user authentication must perform internal and external audits of the methodology, model, and risk levels. The audit is performed by a certified auditor according to the ISAE 3000 standard.
The audit of security measures and the audit of TRA are carried out annually with the assistance of an expert with expertise in the field of information technology security.
The TRA audit is performed for the first time and every three years with an independent certified auditor.
As a result of the audit, a report and an assessment of the compliance of the contracting authority's security measures shall be prepared in accordance with the requirements of this Regulation. Contact us if you want to know more or arrange an introductory meeting to find out what we can do for you.