As any and every bank and organization that deals with payments knows by now, the European Banking Authority’s regulatory technical standards (RTS) on strong customer authentication take effect in September 2019. However, given the requirement to have the relevant APIs, documentation, and testing done a full six months before that date, the actual deadline is March 2019. With less than a year to go, the implementation clock is ticking loudly.

The RTS forms part of the revised Payment Services Directive (PSD2), of which certain sections have already kicked in. Compliance with industry regulations is one of the core solutions that Entersekt offers banks, and prospective clients often ask us if we can prove that we’re compliant. Yes, we can.

An assessment by the Dutch consultancy Payments Advisory Group in May 2017 confirmed that Entersekt’s technology complies with all relevant sections of the RTS, and on 4 April 2018, we were proud to announce that another independent and respected security consulting firm had endorsed our Transakt product for PSD2 compliance. After spending several months evaluating Transakt, the German firm SRC Security Research & Consulting concluded that our technology is not only compliant with the RTS, but also a “state of the art solution” to the requirements for strong customer authentication.

The SRC report also corroborates our argument that with the right technology, an organization can offer compliant strong authentication with a single device. According to Section 3.2 of SRC’s report, “The secure communication […] is therefore independent of the remaining operating system of the mobile device. This allows for the implementation of separated secure execution environments as required by the EBA RTS, article 9”.

Security, sorted

Europe’s financial institutions are urgently searching for a PSD2-compliant strong customer authentication solution that impacts consumers’ digital interactions as little as possible. Transakt not only meets all relevant requirements set out in the RTS; SRC Security Research & Consulting reported that our technology also “makes use of industry wide accepted best practices […], especially in cryptographically securing and authenticating its credentials and its client-server communication”.

The PSD2 RTS allows the use of a mobile device for authenticating digital logins as well as payments, as long as the payment service provider’s (or bank’s) software on that device makes use of certain security measures, such as a trusted execution environment, root/jailbreak detection, device binding, and a dedicated encrypted channel for authentication communication between the device and the service provider’s back-end servers that is completely separate from the device’s operating system. Since Transakt has been proved to make use of all of these measures, the software offers banks an ideal security solution. With Transakt, your customers don’t need a second device for strong authentication – they don’t even need a second app.

Opportunity knocks

Although staying in line with regulations is very important, Transakt enables you to do much more than just pass a compliance test. Entersekt’s solution establishes a future-proof foundation for your organization and delivers a superior mobile user experience, while also enabling a range of new and innovative service possibilities. With PSD2 enabling many new interactions, the user experience you offer will be key to your success. We believe that in the post-PSD2 world, forward-thinking banks will build customer-centric experiences that empower users to interact from anywhere, at any time, strengthening their trust relationship with each interaction.

This changes the bank’s role from one of potential irrelevance to that of official custodian of its customers’ digital assets, with the bank also providing services built around the access to and management of these valuable assets. The bank remains the trusted party and retains its relationship with its customers, while third parties offer services that leverage the bank’s access to digital assets. In this way, PSD2 becomes the vehicle for banks to establish and solidify their value proposition in the digital landscape of the future.

Jonathan Knoll


Jonathan brings us over 25 years’ experience in business development, strategy, marketing, and sales in the United States and Europe. Most recently, he served as director of financial services strategic partnerships at PayPal, building on his already extensive knowledge of the digital payments and financial services industries.

Entersekt is an innovator of customer-centric fintech solutions. Financial services providers and other enterprises rely on our patented mobile identity system to provide both security and the best in convenient new digital experiences to their customers, irrespective of the service channel. With us, they can concentrate on their innovation roadmap, while delivering intuitive, low-friction digital experiences to their customers.