Guillaume Forget

Exploring the value chain of remote QES in a complex business ecosystem

Signing is a way of showing consent when different stakeholders agree on something, and the digital production of a signature is no different. Digital signature processes are integrated in a global ecosystem, where the signature represents the deliberate consent of a signatory so that a contract or transaction can be executed in a non-repudiable way in accordance with contract fulfillment and legal requirements.

Bridging a link between PSD2 and eIDAS

Following the revised Payment Service Directive (PSD2), banks in the EEA are required to enable their customers (users) to grant third party providers (TPPs) access to

The eIDAS regulation: A new dawn of digital opportunity for banks

This article was originally published in the Banking Automation Bulletin, Issue 352

The eIDAS regulation is coming. How can banks benefit from it?

As of 1st July 2016, the first phase of the EU’s new regulation on electronic identification (eIDAS) will become enforceable. But amid all the confusion about its implications among both EU banking executives and their security experts, Guillaume Forget, Director of Product Management at Cryptomathic, explores why banks still have a lot to be excited about.

Regain control of cryptographic keys in large organisations with centralised key management

This article describes, from a CISO perspective, how to manage and protect security assets in large organisations, i.e. the cryptographic keys, and suggests adequate procedures and systems.

2/3 of organizations with public facing vulnerable to hacker attacks

The Heartbleed security vulnerability, publicised in March 2014, received an abundance of media attention as it exposed over 1 million web servers worldwide relying on OpenSSL version 1.0.1. The bug was corrected shortly after the leak with the release of OpenSSL v1.0.1g on April 7th 2014. However, estimates suggest that around 2/3 of organisations with public-facing systems are still vulnerable to the attack.

How to protect mobile banking and payment apps from malicious app attacks

We are constantly reminded by news stories how complex it can be to secure mobile banking and payments apps. A recent study has found that 11% of Android banking apps are suspicious, which is enough to frighten many banking app service

Secure Mobile Transactions – Fact or Fiction? Part 2 of 2

...continued from Part 1

The threat model

Malicious mobile device hackers have a variety of goals. Foremost is monetary gain, but retribution, anarchy, curiosity and perceived public good can all be part of the motivation. The attackers can be grouped by resource levels and goals, as illustrated in table 1.

Table 1: An example of how mobile security attackers can be categorised by resources and goals.

Understanding the motivation of a hacker highlights that a good mobile security strategy must defend not only against specific mobile threats, but also against more generic threats such as reputational or ethical attacks.

Secure Mobile Transactions – Fact or Fiction? Part 1 of 2

With mobile devices being used for more credentialing-based activities, the question of mobile security is becoming increasingly important. The mobile security landscape, however, is still immature, so how can service providers successfully deliver secure mobile services today?

Where 2FA and PKI Meet

Under pressure from sophisticated attacks and rising fraud, many B2C organisations in the financial industry are currently upgrading the static password-based authentication of their web applications to something stronger: the 2FA age. 2-Factor Authentication (2FA) is currently achieving large-scale deployments and consumer adoption where PKI failed a few years ago.

From a technical standpoint, PKI offers significant benefits including the possibility to sign tran
