Revised Payment Service Directive: Understanding Its Technical Requirements for a Smooth and Secure Customer Experience
- LANGUAGE: English DATE: Thursday, November 16, 2017 TIME: 4:00pm CET, 10:00am EST, 7:00am PST
In less than 24 months, banks will have to comply with the Revised Payment Service Directive, commonly called "PSD2". The directive will introduce massive changes to the payments industry, removing the banks’ monopoly on their customer’s data. It will radically alter the user experience for customers of European banks by allowing third party payment service providers (TPP) to access their account information to provide various innovative financial services. But to achieve this, banks and TPPs must put the technical requirements in place in a secure way.
PSD2 will require 2 major technology thrusts: exposing and securing APIs for banking functions, and presenting strong authentication options for financial customers. Banks have to open up many of their core banking functions to enable the PSD2 ecosystem where Third Party Providers (TPPs) can directly initiate payment transfers and aggregate account information. Banks, TPPs, or even other FinTechs much present strong, risk-adaptive authentication methods for financial customers to use. Moreover, PSD2 even mandates the use of transactional and session-level runtime risk assessments. Few banks and FinTechs are in a position today to meet these technical requirements.
When PSD2 takes effect, banks across the European Union will be required to expose their core banking functions to these TPPs via APIs. It is imperative that banks begin now to build and lock down APIs in preparation for PSD2. We will take a look at the Open Banking APIs as well as some other competing API offerings, and discuss API security methods.
Strong Customer Authentication (SCA) is a 2nd primary technical requirement of PSD2. Banks and TPPs both must provide mechanisms to do at least 2-Factor Authentication for their customers. Risk adaptive authentication is preferred. Additionally, PSD2 states that financial transaction processors must employ User Behavioral Analytics for higher assurance outside of the SCA requirements.
In this KuppingerCole webinar, we’re going to discuss:
- The overview of PSD2 technical requirements
- Implementing and properly securing Open Banking APIs
- Prerequisites and relevant technologies for Strong Customer Authentication
In the first part of the webinar, John Tolbert, Lead Analyst at KuppingerCole, will talk about new opportunities and challenges PSD2 is going to unlock for banks, service providers and consumers. He will outline major technical requirements for implementing the directive and discuss their security implications.
In the second part, Martin Burkhart, Head of Product Management at Ergon, will present how important a combined approach of web application security and identity access management is to fulfill the necessary compliance requirements. Especially for strong customer authentication the market is in a constant change for the perfect second factor, fulfilling all security needs but also offering highest usability.
Airlock Suite deals with the issues of filtering and authentication in one complete and coordinated solution – setting standards for usability and services. Your internet applications enjoy reliable protection with the Airlock Web Application Firewall (WAF). Features include systematic control and filtering mechanisms with a variety of enhancement options.
Combine Airlock WAF with Airlock Login for reliable user authentication and authorization. But optimal security is not the only benefit: Airlock Login also delivers high usability and cost efficiency.
Airlock IAM is the suite's central authentication platform, including enterprise functions. With this product, customers, partners or employees log in just once for secure access to data and applications. Airlock IAM also automates user administration.
Airlock protects more than 30.000 applications, 15 million identities with a net promotor score of +53. The security Suite was launched in 2002.
Founded in 1984, Ergon Informatik AG is a leading developer of bespoke software solutions and products. The cornerstone of our success: 270 highly qualified IT specialists who are committed to creating value for the client, anticipating technological trends and designing solutions that generate competitive advantage. Ergon focuses on implementing major B2B projects.
In the era when data has replaced oil as the most valuable commodity, APIs have become an important logistical foundation of modern digital business. As a result, APIs have also become a popular target for cyber attackers, and therefore effective API security is essential. However, focusing only on the operational aspects is no longer enough.