PSD2
EU Revised Payment Services Directive
Overview
The EU Revised Payment Services Directive (PSD2) mandates Strong Customer Authentication (SCA), secure communication channels, and open access for regulated Third-Party Providers (TPPs). IOF's payments rail implements SCA, mTLS-secured API channels, and a TPP authorization flow, aligned to PSD2's Regulatory Technical Standards (RTS).
Scope
Applies to the FINANCIAL/Payments rail and any TPP integrations. SCA flows are enforced via Clerk (MFA/passkeys). TPP access is governed by the API key rail with explicit scope grants.
Key Controls
- Strong Customer Authentication (SCA) via Clerk MFA and passkeys
- mTLS mutual authentication for API-to-API communication
- Signed payment requests with non-repudiation
- TPP authorization with explicit scope grants (read/write/execute)
- Transaction monitoring for fraud detection
- Secure communication: TLS 1.3 + HSTS on all endpoints
Certification & Audit
- Self-attested against PSD2 RTS; regulatory passporting TBD by jurisdiction
- Annual review aligned to EBA RTS updates
Evidence Bundle
Evidence bundle available on request
Contact compliance@islamicopenfinance.com to request the evidence pack for this framework. We typically respond to audit requests within two business days.