When It Comes to Regulatory Compliance, Identity and Access Management Rules

January 15, 2018
Dustin Maxey
Director of Product Marketing

This is the first in a four-part blog series, where I'll explore how financial services organizations can ensure compliance with regulations and protect against data breach, while delivering exceptional user experiences and facilitating agility and innovation.


Data security goes hand in hand with financial services, but regulations like PCI DSS and PSD2 make protecting customer information and transactions even more critical. And complicated. Financial services organizations are faced with more pressure than ever before to secure customer transactions, enforce data privacy and consent, and govern access to sensitive customer information. In an increasingly mobile world, where customer convenience and experience rule, adhering to a growing number of regulations is anything but easy.


While there is no cure-all for your compliance woes, you do have many tools to help you. Identity and access management (IAM) is used by organizations across a range of industries--that are also highly regulated and top targets for cyber crime--to ensure only the right people have access to the right things. A financial-grade IAM solution, like the Ping Identity Platform, can help you provide highly secure and seamless digital experiences, while also complying with the many regulations you face, including PCI DSS, PSD2 and others.

How IAM Helps You Comply with PCI DSS

For companies accepting credit card payments, the Payment Card Industry Data Security Standard (PCI DSS) defines requirements for securing credit, debit and cash card transactions and protecting cardholders against misuse of their personal information. Identity and access management solves for several of these requirements.


For starters, a capable IAM solution allows you to control access to cardholder data. The Ping Identity Platform ensures that each user has a unique ID, and that the apps, APIs and URLs that make cardholder data available are only accessible to those with the appropriate authorization. It also secures access to the cardholder data environment with the strong multi-factor authentication (MFA) that PCI DSS requires.


Identity and access management also enables secure sharing and protection of cardholder data stored in your directory. By governing access to this data on an attribute-by-attribute level, the Ping Identity Platform ensures that it is accessible only to those who need it, and limits access to only the information required. It also allows for safe storage by encrypting this data in every state, including at rest, during replication and in motion.


With an IAM solution like the Ping Identity Platform, you can ease the burden of compliance with PCI DSS and create a highly secure environment.

Solving for PSD2 & Open Banking with IAM

For financial institutions operating in Europe and the UK, PSD2 and Open Banking impose additional rules. PSD2 (an update to the 2007 EU Directive on Payment Services) requires financial institutions to expose open APIs to other banks and third-parties to allow access to customer account information with customer consent. Taking PSD2 a step further, the Open Banking Standards prescribes specific open API standards for financial institutions operating across the UK.


Identity and access management facilitates compliance with these regulations. Built on open standards, the Ping Identity Platform leverages OAuth 2.0 and OpenID Connect to comply with Open Banking standards. It allows you to securely store identity, policy and consent data, and use fine-grained data governance policies to share only necessary information with third-party providers. Even if you don't operate in Europe, sharing customer information in this way is the wave of the future.


Whether you're tackling PCI DSS, PSD2 or any of the many other regulations governing the financial services industry, the Ping Identity Platform can help you not only comply, but also remain agile to adapt to future developments. With a modern IAM solution, you can stay ahead of the curve and create a competitive advantage, while keeping compliance and security at the forefront. To learn more about financial-grade IAM solutions, visit www.pingidentity.com.