We Specialize in

PSD2 is a European legislation governing payment handling principles and has been adopted in EEA countries. It primarily focuses on establishing a new authorization regime for payment institutions, ensuring transparency in information provided to customers, and defining the rights and obligations of payment service providers and users.

PSD 2 relates to the payment legislation in Europe, which introduced new payment handling principles and was transposed into law within each EEA country.

The Payment Service Directive currently only applies to payment in EEA currencies between accounts located with the EEA. The directive essentially deals with the following three issues:

  • Establishes a new authorization regime for payment institutions
  • Establishes transparency requirements to ensure that payment service providers give the required information to their customers relating to payments
  • Sets out the rights and obligations of Payments service Providers and users, laying down rules on the movement of funds from the origin of payment through its execution, including dealing with disputes between users and providers. PSD2 controls relate to the following areas:
    • Governance-Operational and security risk management framework
    • Risk management and control models
    • Outsourcing (Third Party Services)
    • Risk assessments-Identification of functions, processes and assets
    • Classification of functions, processes and assets
    • Protection-Preventive security measures against identified operational and security risks
    • Data and systems integrity and confidentiality
    • Physical Access
    • Access Control
    • Detection-Continuous monitoring and detection of operations
    • Monitoring and reporting of operational or security incidents
    • Business continuity
    • Scenario-based business continuity planning
    • Testing of business continuity plans
    • Crisis communication
    • Testing of security measures
    • Situational awareness and continuous learning – Threat landscape and situational awareness
    • Training and security awareness programs
    • Payment service user relationship management-payment service user awareness of security risks and risk-mitigating actions

The service Kyte provides to its clients is to review their IT related controls or planned controls and see if adherence with the PSD2 regulations is in place. Kyte also provides entities with the assurance that controls are in place to ensure Strong Authentication as required by PSD2.


What changes does PSD2 introduce that may impact you?

Expand the payments covered by the Directive, to include:

Intra-EEA Payments (payments made between PSPs located in the EEA) in any currency, not just EEA currencies; and

One Leg Out (OLO) transactions from or into the EEA in any currency (where one of the PSPs is located inside the EEA and the other PSP is located outside the EEA)

Enhance customer protection and security for on-line payment services by defining strong customer authentication (SCA) requirements and technical standards (defined in the Regulatory Technical Standards or RTS) for third party access.

Add new types of payment services into scope by creating new third-party access rules enabling non-bank organizations to provide payment initiation and account information services (known as XS2A or Access to Accounts).

When did the PSD2 come into effect?

European Economic Area (EEA) countries were required to implement and transpose PSD2 requirements into local law by no later than January 13, 2018.

Which countries are in the EEA?

PSD2 applies to all EEA countries. The country scope of the Directive is based on the country location of the servicing PSP. The current list of EEA countries is: Austria; Belgium; Bulgaria; Croatia; Cyprus; Czech Republic; Denmark; Estonia; Finland; France; Germany; Greece; Hungary; Iceland; Italy; Latvia; Lichtenstein; Lithuania; Luxembourg; Malta; Norway; Poland; Portugal; Republic of Ireland; Romania; Slovakia; Slovenia; Spain; Sweden; Netherlands and United Kingdom.

Raising standards since 2006.

Kyte Global, with clients in over 65 countries has established itself as a unique company providing a one-stop-shop to all your information security and compliance requirements.

At Kyte Global we attempt to add value in everything we do. Our services have evolved as a result of the growing needs of our clients. Regulations keep getting stricter, compliance requirements keep getting more onerous and clients find themselves spending more time addressing these issues rather than focusing on their business. At the same time, resources with the right knowledge and experience are hard to come by. Kyte Global tries to tackle these issues by providing a one stop shop to all the client’s needs. Kyte Global understands that Compliance is an effective way of ensuring that controls are implemented.

Internally, Kyte Global is organised in teams, each dedicated to a specific service, usually revolving around a specific standard or regulation. Some of these are PCI DSS, ISO 27001, GDPR, Internal Audit, AML, Gaming, Penetration Testing, Training to name a few. Each team is made up of trained professionals, all experts in their own field.

Over the years, Kyte Global has established partnerships with suppliers that develop and implement industry leading solutions so that it can make recommendations to clients who require such services or products. Kyte is proud to have a network of partners that can assist its clients, big or small, in virtually all of the industries it operates in.


News & Insights

Stay informed with our dynamic News and Insights section, where we share timely updates, industry trends, and expert perspectives to keep you ahead of the curve and informed about the latest developments in the field. Explore a wealth of valuable resources that empower you with knowledge and actionable insights for informed decision-making.

Kyte Global at Seamless Middle East
Wednesday, 22nd May 2024

Kyte Global's team actively participated in Seamless Middle East. The event provided a valuable platform to connect with industry leaders and explore the latest trends in information security and compliance. Kyte Global showcased its expertise in ISO 27001, PCI DSS, and SOC 2 compliance, all crucial for building trust and ensuring secure transactions in the digital sphere. By attending Seamless Middle East, Kyte Global positioned itself as a vital partner in the journey towards a more secure and sustainable digital future.

Continue reading
Kyte Talks Insights in Information Security and Compliance
Thursday, 16th May 2024

Kyte Global is proud to announce the inauguration of Kyte Talks, a series of formal discussions designed to elucidate the dynamic landscape of information security and compliance. These enriching sessions will convene esteemed industry experts to share their knowledge and address critical issues confronting businesses in today's environment.

Continue reading
Bridging the Gap How ISO 27001 Compliance Paves the Way for DORA Success
Friday, 22nd March 2024

DORA aims to ensure that financial institutions possess the operational resilience to withstand and recover from disruptions, including cyber attacks. This aligns perfectly with the risk-based approach advocated by ISO 27001, which establishes an Information Security Management System (ISMS) to identify, assess, and mitigate information security risks.

Continue reading