A key management system is a critical component in achieving PCI DSS compliance for a banking institution. It involves implementing a crypto system that manages the secure creation, exchange, distribution, storage and use of cryptographic keys for the ultimate goal of protecting users’ or clients’ sensitive data.

PSD2 breaks up the ways in which banks do their business, by forcing them to open up their APIs. By doing so, PSD2 challenges the way in which data was traditionally secured in banks.

The eIDAS Regulation creates a pan European market for electronic Trust Services (eTS). This includes things like electronic signatures and seals, electronic service delivery, website authentication and time stamps. The major thrust of the Regulation is towards ensuring that these mechanisms, when used, get the same legal status as conventional paper-based alternatives - across borders, throughout the EU.

With the increasing dependence on cryptography to protect digital assets and communications, the ever-present vulnerabilities in modern computing systems, and the growing sophistication of cyber attacks, it has never been more important, nor more challenging, to keep your cryptographic keys safe and secure. A single compromised key could lead to a massive data breach with the consequential reputational damage, punitive regulatory fines and loss of investor and customer confidence.

The Payment Service Directive 2 (PSD2) allows non-banks to provide payment services which before were reserved for banks only. The market of services initiating a payment transaction or getting information about account balance will grow, and will also be open for new business models and technologies. The Directive and its implementation standards require all transactions to be handled through secure channels and all data shall be protected regarding authenticity and integrity.

In Part 1 of our series exploring the wide footprint of the eIDAS regulation, we looked things like PSD2, the European Citizen’s Initiative and the eHealth Governance Initiative. However, these are just a few examples of the many applications of the eIDAS mechanisms. In this part, we look at some other interesting applications including Social Security and the prevention of Money Laundering.

The eIDAS regulation is a key foundational stone in the creation of the pan-European Digital Single Market. It provides the essential elements to build a robust and secure electronic identification system and reliable trust services. Without the tools that eIDAS enables, a number of other EU directives and initiatives would not be able to function effectively - or at all.

 eSeal - solution for legal persons

The eIDAS regulation introduced Electronic Seals as a solution for legal entities, allowing them to protect authenticity and integrity of electronic documents and data. An Electronic Seal is based on the same technology as an Electronic Signature and also can be Advanced and Qualified. A Qualified Electronic Seal is verified with Qualified Certificate.

Most people will probably agree that encrypting your sensitive data is the right thing to do. Not only is it the technique of choice to meet multiple compliance mandates, depending on the market your business operates in, this might be PCI, HIPAA, NERC-CIP or more general regulations like GDPR or PSD2. Encryption also helps you to achieve a higher level of resilience against data breaches and ultimately protects your organization from the impacts on reputation and the costs involved.