Client
Payment service provider exemption from strong customer authentication
Objective
The requirement to implement strong customer authentication for the PSP’s client base would have been complex for this PSP but given that it had separate payment processes and protocols for its corporate clients it could avail of the corporate exemption. To avail of the corporate exemption, the senior management had to be confident that the relevant security standards were comparable to those identified in the second Payment Services Directive. It also had to provide a notification to the FCA of its intention to avail of the exemption, with sufficient details, through its operational and security risk assessment and with sufficient advance notice.
Approach
fscom deployed its payments and cyber security experts to assess the security standards in place for the corporate payments protocols and processes against those set out in the Regulatory Technical Standards and the second Payment Services Directive. The team provided its assessment and recommendations in an audit report to the senior management. Our expert provided support to the PSP’s team to complete the relevant reporting return.
Outcome
fscom delivered the project, including the final report in six weeks and the client was able to avail of the corporate exemption.
