EBA’s opinion on elements of Strong Customer Authentication under PSD2 – Part 2 – Possession and Knowledge

Financial institutions and solution providers are busy implementing the requirements of Strong Customer Authentication (SCA) under the Revised Payment Services Directive (PSD2) and the Regulatory Technical Standards (RTS). However, as with any new regulatory directive, there has been a certain amount of ambiguity as to what elements comply fully with the SCA constraints and what elements fall short. To remedy this, the European Banking Authority has been issuing its opinions on the technical requirements related to eIDAS, SCA and so on.

EBA’s Opinion on elements of Strong Customer Authentication under PSD2 – Part I - Inherence

A fundamental objective of the Revised Payment Services Directive (PSD2) has been to reduce the risk of fraud to the maximum extent possible and to ensure security for electronic payment transactions. PSD2, along with the Regulatory Technical Standards (RTS), defines Strong Customer Authentication as an “authentication based on the use of two or more elements categorised as knowledge (something only the user knows), possession (something only the user possesses) and inherence (something the user is) that are independent, in that the breach of one does not compromise the reliability of the others, and is designed in such a way as to protect the confidentiality of the authentication data”.

The PSD2 - Directive and Distributed Authentication

PSD2 breaks up the ways in which banks do their business, by forcing them to open up their APIs. By doing so, PSD2 challenges the way in which data was traditionally secured in banks.

Connecting Europe - eInvoicing and eIDAS

The EU has launched a number of initiatives to realize the aim of creating a unified Digital Single Market. The Connecting Europe Facility (CEF) is a funding instrument that provides the primary thrust for this initiative. The CEF uses certain underlying building blocks (known as Digital Service Infrastructures) to achieve this objective of providing an interconnected and unified marketplace.

Digital Identity and eIDAS in Banking

The eIDAS Regulation lays the groundwork for creating a robust digital identity framework. The idea is to provide EU citizens with a secure, robust and universal electronic identification that they can use to access private and public services anywhere within the EU.

One sector that is lapping up the new opportunities that eIDAS offers is banking. 

eIDAS and the Regulatory Technical Standards for Strong Customer Authentication

Last November saw the adoption of the Delegated Regulation on Regulatory Technical Standards (RTS) by the European Commission. The objective of this regulation is to provide for Strong Customer Authentication (SCA) and establish secure channels of communications.

Differences between Hash functions, Symmetric & Asymmetric Algorithms

Cryptographic algorithms can be categorized into three classes: Hash functions, Symmetric and Asymmetric algorithms. This article sheds light on their differences, purpose and main fields of application.

Digital Identity - How Social Media Is Changing How We Authenticate Our Identity

Throughout the last decade, social media has played a vital part in our lives and has significantly shaped the younger generations.

Using 3D-Secure and Device Fingerprints for EMV Payments Against CNP Fraud

Credit cardholders are generally protected from liability if unauthorized transactions are made with their credit cards because of consumer protection laws and card policies. This leaves merchants and financial institutions on the hook for losses related to credit card fraud. According to an October 2016 Nilson Report, card issuers were burdened with 72 percent of fraudulent losses in 2015 while merchants were left with 28 percent of the losses.
