• Gemalto is now part of the Thales Group, find out more.

PSD2 - Double down on security with 2‑factor authentication

People around the world are increasingly conducting their banking operations online from a range of devices, including computers, tablets and mobile phones. 

Innovative banking services are flourishing, providing more reliable, simple and convenient solutions. 

And yet, the growth of online and mobile payments has also been accompanied by a dramatic growth of Internet fraud. 

Banking customers expect convenience but are not willing to trade away security in the process. According to a recent Gemalto poll, 44% of those surveyed would switch banks if their current bank was breached. The onus on protecting personal customer information is clearly on the bank.



PSD2 compliance: Strong customer authentication​​

Banks around Europe are facing the challenge of implementing the revised Payment Services Directive (PSD2) and, in practice, its related Regulatory Technical Standards (RTS).

Banks should provide a more robust framework to offer the added security that consumers are seeking. The new European regulation mandates Strong Customer Authentication (SCA) procedures for online banking services and for initiating and processing electronic payments.

psd2 compliance

Strong Customer Authentication, as defined in PSD2, means that transactions are authenticated using two or more of the following elements: 

  • Knowledge: something only the user knows (e.g. password, pin, ID number) 
  • Ownership: something only the user possesses (e.g. mobile device, token, smart card) 
  • Inherence: something only the user is (e.g. fingerprint, face or voice recognition) 

In the case of remote payments PSD2 compliance also requires the creation of a dynamic link, an additional authentication element that dynamically links the transaction amount and the account number of the payee.

  • Understand PSD2 compliance and discover PSD2 solutions

    Read our white papers​​​ to understand the latest implications of PSD2 for the banking and payment landscape in ​europe​​​​.​​

    Download the whitepapers

Gemalto Mobile Solutions​

Looking to provide added security to your banking and financial services? The Gemalto Mobile Authentication Suite provides state-of-the-art security to the mobile channel for a seamless user experience. 

The software suite easily integrates into any mobile financial app to support the full set of strong customer authentication factors, including biometric methods such as fingerprint and facial recognition. It also shields your mobile banking app against attacks like key loggers, malware, reverse engineering application cloning and phone theft. The built-in messenger software also secures the mobile channel, the authentication elements, the transaction value and beneficiary. Using it as an out-of-band authentication channel helps protect non-mobile transactions against attacks like phishing, man-in-the-middle and man-in-the-browser. 

Considering the security requirements stated by PSD2 / RTS, we may assess that our Mobile solutions address all the needs expressed by EC and EBA, and may help banks to reach a high compliance level, especially: 

  • Having a secure storage environment separated from processing environment 
  • Protecting data as confidential data are enciphered or not stored, Strong Customer Authentication is required to access them and measures against data duplication exist 
  • Securing communication thanks to ciphering, servers exchanging with mobile are authenticated and secure channel is provided as well as device binding


 All over the world, financial institutions trust Gemalto to leverage the mobile channel to deliver secure and convenient digital banking services to their customers. The software suite is already used by more than 40 banks across the world to secure their financial services in such areas as mobile banking, mobile wallet and payments, online banking, e-commerce, card management, P2P money transfers and cardless ATMs to name a few!​​​

 Press Release

  • Docaposte and Thales provide 100% French technology expertise for La Poste’s digital ID service