PSD2 and PCI DSS Compliance Can Be Found in the Cloud

Written by Sean Ventura, Chief Information Security Officer. This article was originally published on PaymentsSource

Smartphone applications allow users to complete tasks in seconds that once required a visit to the bank, such as transfers and depositing paychecks.

The cloud facilitates this increased activity, giving banks the computing power necessary to process millions of customer requests and payments through the application at any given moment. And by managing front-end functionality in the cloud, institutions gain an extra layer of security against growing cyberthreats. Ultimately, the cloud helps banks meet demand in a world of increasing expectations.

However, as digital banking grows, so do regulations. One concern: according to Verizon’s 2018 Payment Security Report, full PCI DSS compliance dipped slightly to 52.5 percent in 2017 after five years of gains.

Although the standard’s core components have remained the same for more than a decade, PCI DSS is a living document, continually updating to meet new threats. The cloud can ease compliance burdens; by working with cloud managed service providers to adopt solutions such as Microsoft Azure and outsource some portions of controls in order to meet compliance, FIs can free their IT team to focus on more profitable projects, reduce the risk of fines and ease the administrative burden of audits.

But PCI DSS isn’t the only regulation FIs are watching. New regulations aimed at giving consumers more options could be on the horizon. PSD2, now active in the European Union, opens up other financial service providers to process consumer payments; this means FIs could be cut out of revenue that they traditionally relied on, as e-commerce operations and consumers choose other payment providers.

This also allows fintech startups to even the playing field with industry giants. To support this option, PSD2 requires FIs to make customer data available (at the customer’s request) to third parties using application programming interfaces (APIs). This increased competition for the payment market will fuel innovation and drive FIs to focus heavily on consumer preferences and trust.

As US companies watch PSD2s rollout and consider how they would address similar legislation, the cloud is more valuable than ever. FIs that could once count on customers turning to them for all of their banking needs suddenly face greater competition. By adopting the cloud now, established FIs can become more agile, reducing time-to-market for new offerings, such as digital wallets or online mortgages, without sacrificing high security standards.

It’s unlikely FIs will move away from their legacy systems anytime soon – there’s too much data driving core banking processes to make a shift feasible without great disruption and cost. But the industry is changing, with ambitious startups and greater security concerns forcing FIs to re-evaluate their offerings and think about digital approaches to what were once predominately analog processes. In this new financial frontier, cloud application development and front-end hosting will be table stakes for FIs looking to remain relevant.

We deliver solutions that accelerate the value of Azure.

Ready to experience the full power of Microsoft Azure?

Start Today