A year ago, the European Union adopted the General Data Protection Regulation, or GDPR, a piece of legislation designed to force companies to protect people’s data. In just a few months, another data-related EU law is coming into effect: the second “payment services directive“, or PSD2.
The new law, which becomes mandatory on September 14, takes aim at financial firms. The goal: Boost competition and innovation within the industry by making banking and payments safer and more open through stronger security and data portability provisions.
Claire Hughes Johnson, chief operating officer of Stripe, the highest privately valued fintech startup in the U.S., dropped by Fortune’s Balancing The Ledger studio to discuss her company’s approach to compliance. She said the infrastructural challenges presented by the rules are “pretty rough.”
One aspect of the new law requires that banks support “strong customer authentication“; in other words, these companies must reject payments that fail to verify the identity of the purchaser, in real…