From: Financial Times
The impact of EU rules on account security needs more thought after the Equifax hack
by Sheila Bair
The cyber world is full of would-be extractors of our bank account data. Banks and their regulators recognised cyber risk as a major threat decades ago and have built an elaborate ecosystem of protections against it. Regulated banks are strictly limited in how they store customers’ data. They are required to have multiple lines of defence against security breaches, subject to independent audit and review by government supervisors.
***
Given the relative success of bank cyber regulation, why would we want to provide new points of penetration? That is the question presented by the Second Payments Services Directive, or PSD2, being implemented in the UK and EU. The goal is to increase competition, lower costs and foster innovation in the bank-dominated payments system. But its impact on the security of customer bank accounts requires more thought, particularly in light of the Equifax hack.
Leave a Reply