API-Server — Powered by KTH Delivering PSD2 solutions to banks


PSD2 became law in all 28 countries of the EU on the 13th January 2018. Banks are now required to open their customer data securely to third party payment service providers (TPPs). KAL software can help banks and TPPs become compliant.


What banks must do

One of PSD2’s requirements is that banks make it possible for TPPs to access customer data securely using Strong Customer Authentication (SCA). This makes it easier and cheaper for consumers to transfer funds and make payments. With PSD2 payments, each transaction must be explicitly authorized by the consumer using their SCA credentials. Only the consumer is able to do that – and a hacker can’t replicate this process using stolen information, as the credentials are unique each time.

Strong Customer Authentication (SCA)

SCA is an integral part of the new era of Open Banking. Under the EBA’s Regulatory Technical Standards (RTS), banks must comply with and create a secure execution environment using multi-factor authentication. That process must include at least two of the following three factors:

sca possesion


Smart device or card

sca knowledge


PIN or password

sca knowledge




KAL’s Open Banking solution

KAL’s server technology is able to expose a secure API that allows SCA-compliant transactions to be carried out by TPPs.

KAL’s API-Server Powered by KTH is designed to be installed in a bank’s data center with support for dual-data center architectures and secure hardware devices such as HSMs.

The API-Server is managed and monitored using KAL’s KTC management system. It enables banks to navigate the transition into open banking easily while meeting the regulatory requirements.

sca diagram

Why should banks choose KAL?

KAL is recognized as a world-leading ATM software company: its software drives hundreds of thousands of ATMs in more than 80 countries.

For well over a decade, ATMs around the world have been using a two-factor authentication method – better known as EMV – to authorize transactions.

This means KAL software is ready and deployed today to handle the SCA-compliant mechanisms required by PSD2.

KAL Payments secure


For over 25 years, KAL has delivered highly scalable secure transaction processing software

KAL Payments secure


Highly customizable and can be adapted to legacy systems or integrated into a bank’s digital strategy

KAL Payments secure

Cost effective

Easy to implement and does not require a bank to design its own solution

Timeline for PSD2 and RTS

Source: European Payments Council

  • 13 January 2018

    PSD2 enters into effect, with the main exception of the security measures described in the RTS.

  • By 27 February 2018

    The European Parliament and the European Council approve (or reject) the final RTS.

  • In September 2019

    18 months after their publication in the Official Journal of the EU, the RTS apply.


Source link