The cryptographic protection of a system against attacks and malicious penetration depends on two dimensions: (1) The strength of the keys and the effectiveness of mechanisms and protocols associated with the keys; and (2) the protection of the keys through key management (secure key generation, storage, distribution, use and destruction).

Managing cryptographic relationships and crypto key lifecycles can be challenging even in small scale environments. For those CISOs and IT Security Professionals that live in the world of international crypto architectures, such as those found in banking and finance, the list of barriers to success can become overwhelming.

This article introduces and classifies cryptographic key types and crypto-periods as suggested by NIST, based on proven best practices for key management. It outlines the recommendations of when and how keys are used to protect data and explains how appropriate crypto-periods can be chosen and enforced.

In this article, we will review some of the constraints of an EMV tokenization solution when it comes to FIPS and more generally, NIST considerations.

Financial institutions and solution providers are busy implementing the requirements of Strong Customer Authentication (SCA) under the Revised Payment Services Directive (PSD2) and the Regulatory Technical Standards (RTS).

A fundamental objective of the Revised Payment Services Directive (PSD2) has been to reduce the risk of fraud to the maximum extent possible and ensuring security for electronic payment transactions.

New digital portal streamlines banking client onboarding while addressing AML, eIDAS and PSD2 requirements.

The Electronic Identification and Trust Services Regulation (EU Regulation 910/2014/EC - also known as eIDAS) is a complex set of laws (including technical standards) that raise the bar for providing electronic trust services throughout all EU member states. This article tries to help in the decision making process of choosing between implementing Advanced or Qualified Electronic Signatures in the context of eIDAS.

This article discusses the benefits eIDs provide for both banks and customers in streamlining cross-border transactions and what is required under eIDAS for identity verification and client onboarding.