Electronic transactions based on the federation of electronic identification systems - a Polish perspective

The growth of electronic identification systems has differed across European countries over the past several years. European countries have different eID solutions depending on whether the issuer is a government or a private eID provider. This article discusses the federation of eID providers in Poland, which has become the national identification scheme.


HTTPS Encryption and Attacks on Authentication in Remote Banking Services - a Russian Perspective

This article discusses the secure HTTPS protocol intended for web resources, its principles of operation, and its strengths and weaknesses. It explains how attacks on HTTPS may lead to traffic being decrypted, particularly in systems for remote banking services and personal logins to web resources.


Bridging the gap between eIDAS and Anti-Money Laundering Directives

Banks and other financial institutions are playing a key role in countering global challenges like money laundering and terror financing.


Applying Cryptographic Security Services - a NIST summary

This article summarizes the basic cryptographic security services that can be used to protect information (or as a supporting protective mechanism) against attacks, as described in NIST Special Publication 800-57 (Part 1, Rev. 4) for Key Management.


Electronic Signatures for Banking Operations in Russia - a benchmark with eIDAS

To read the Russian version of this article: Электронная подпись и ее применение в России

This article examines the use of cryptographic means for information security, and in particular, the electronic signature. It focuses on the use of electronic security signatures (ESS) in various sectors, including the domestic use of cryptographic algorithms and requirements of the Federal Security Service of Russia (FSB) for hardware and software.


The Consumer Financial Services Action Plan - Opportunities for the Banks

Complying with customer due diligence and KYC norms is perhaps the most important and time-consuming aspect of initiating a new banking relationship. Yes, it is important to cover the credit risk, but the consequences of failing on the KYC or AML (Anti-Money Laundering) front are far more severe. This is the primary reason why many banks are spending billions annually on performing customer due diligence the old-fashioned way. New EU guidelines and the tools that they provide aim to change just that.


Consumer Financial Services Action Plan - An Introduction

The EU single market produces an unmatched €15 trillion worth of goods and services annually. Such a large and unified market presents a great many opportunities for businesses willing to invest in it.


Strong cryptography and key management requirements for EMV and PCI DSS compliance

EMV chips on payment cards contain cryptographic co-processors and dual interfaces that allow for contact and contactless payment options. When issuing an EMV card, the customer’s information is extracted from the bank or financial institution’s database. The customer's information is then fed into a data preparation system where additional data is used to securely encrypt the customer’s information. This data includes digital certificates and cryptographic keys. The final step is the personalization process where this data is written to the EMV chip on the payment card.


Is non-repudiation really non-repudiable with digital signatures?

What does non-repudiation mean? Repudiation means to reject or deny the validity of something. Non-repudiation is a legal concept that is widely used in information security. It refers to any service that provides proof of the origin of data and the integrity of the data. In other words, non-repudiation makes it very difficult to successfully deny who or where a message came from, as well as the authenticity of that message.
