Comparison Study between Institutional Response to Security Risks of the EU’s Revised Payment Services Directive and Domestic Electronic Finance Regulation

Hyun Boo Kim, In Seok Kim

Abstract


Traditionally, banks and other financial institutions have used the customer accounts and information they manage to provide payment services from a dominant position. Recently, the EU amended its Payment Services Directive to institutionally guarantee third parties access to customers’ accounts and use of account-related information, which facilitates competition in financial markets and promotes innovation. However, this kind of change can increase potential security risks, and institutional responses from financial authorities are therefore required so that all participants in financial markets can properly respond to those risks. This study analyzes the institutional responses to security risks in the EU’s new Payment Services Directive (PSD2), compares them with domestic electronic financial regulations, and suggests implications for the direction of improving domestic electronic financial regulations.


