PSD2 (Revised Payment Services Directive)
DEFINITION
EU payment services directive. Forces banks to expose open APIs and requires strong customer authentication (SCA) on every payment. The backbone of open banking.
- Threat model
A structured exercise that walks the system's actors, attack surface, risks, and controls. Day one of every DField project · before any code.
- Penetration test (pentest)
Manual and tool-assisted attack simulation that reveals what an attacker could achieve. We deliver findings as PRs in your repo, not an 80-page PDF.
- DevSecOps
Security as a continuously running CI step (SAST, DAST, SCA in the software composition analysis sense, IaC scan), not an annual project. Runs against every push; every sprint closes at least one security bug.
- MFA (Multi-factor auth)
Two or more factors (TOTP, WebAuthn, biometric) beyond a password. Table stakes in SaaS today · enterprise procurement disqualifies you without it.
- SOC 2
A US audit framework for confidentiality, integrity, availability, and privacy controls. For SaaS, the Type II audit (6-12 months of observation) is the standard enterprise baseline.
- ISO 27001
International standard for Information Security Management Systems (ISMS). Often preferred in Europe instead of or alongside SOC 2. 3-year certification cycle.