PSD2

PSD2: challenge converted to an opportunity with Secured Runtime

2 February 2017

connected company

One of the drivers of innovation in the financial sector is the PSD2/XS2A legislation. The revised Directive on Payment Services is an EU directive that obliges banks, as of 2018, to provide external service providers with access to customers' current accounts, as long as the customers give permission.

In order to achieve this, the banks must build open-source APIs – and this in turn opens up the banks' traditional playing field to new players. This takes digitalization within the financial sector to a new level, with all its associated challenges and risks. Banks are facing the very real risk of losing contact with their customers and being reduced to a back-end processing system.

Innovation and opportunities

From the point of view of innovation, the new legislation is in fact opening up opportunities for the banking sector. Exchanging information – and especially sensitive information – has to be done in a secure manner while always observing a number of compliance requirements. Which is precisely where financial institutions have built up substantial experience. Banks have everything they need to potentially reposition themselves from being a classic institution into a digital platform where an API economy is crucial.

There are a number of options for making the playing field of information exchange secure. We would like to present one of our solutions today.

Secured Runtime allows you to run untrustworthy code from partners or external entities within a secure environment. They are always run subject to a pre-defined policy that defines the rules and restrictions. In this way, the untrustworthy code is guaranteed not to have any impact on other IT processes and is kept isolated within the context of a defined user.

As a financial institution, this gives you the ability to set up an integration platform for third parties. Both parties can benefit from this. Your financial institution can differentiate itself from its competitors in the area of technical options and ease of integration. At the same time, you retain control over compliance issues. In this way you can, for example, offer services where the bank can guarantee that sensitive information never leaves the IT environment, or only in anonymized form.

Secured Runtime offers some intelligent mechanisms in this area to assign a sensitivity level to data. Non-sensitive data can be transferred, but sensitive data can be processed while the results remain sensitive until a certain level or form of anonymization has been reached. Only then can the data be transferred.


Are you interested in receiving more information about Secured Runtime, or would you like to learn more about how a connected company can work? Contact our expert Roel De Cuyper, Division Manager at The Connected Company, at roel.decuyper@realdolmen.com.

If you would like to learn more about connected companies, read our earlier blogposts:

Become a connected company with these 10 principles

Proximus and IoT: a story about 'getting there together'

Blockchain is more than just a digital currency unit. Some applications that are already available today

Sign up for our newsletter

Would you like to receive our newsletter and stay informed about your preferred topics? 

Sign up here