Revised Payment Service Directive: Understanding Its Technical Requirements for a Smooth and Secure Customer Experience
- LANGUAGE: English DATE: Thursday, November 16, 2017 TIME: 4:00pm CET, 10:00am EST, 7:00am PST
PSD2 will require 2 major technology thrusts: exposing and securing APIs for banking functions, and presenting strong authentication options for financial customers. Banks have to open up many of their core banking functions to enable the PSD2 ecosystem where Third Party Providers (TPPs) can directly initiate payment transfers and aggregate account information. Banks, TPPs, or even other FinTechs much present strong, risk-adaptive authentication methods for financial customers to use. Moreover, PSD2 even mandates the use of transactional and session-level runtime risk assessments. Few banks and FinTechs are in a position today to meet these technical requirements.
When PSD2 takes effect, banks across the European Union will be required to expose their core banking functions to these TPPs via APIs. It is imperative that banks begin now to build and lock down APIs in preparation for PSD2. We will take a look at the Open Banking APIs as well as some other competing API offerings, and discuss API security methods.
Strong Customer Authentication (SCA) is a 2nd primary technical requirement of PSD2. Banks and TPPs both must provide mechanisms to do at least 2-Factor Authentication for their customers. Risk adaptive authentication is preferred. Additionally, PSD2 states that financial transaction processors must employ User Behavioral Analytics for higher assurance outside of the SCA requirements.
In this KuppingerCole webinar, we’re going to discuss:
- The overview of PSD2 technical requirements
- Implementing and properly securing Open Banking APIs
- Prerequisites and relevant technologies for Strong Customer Authentication
In the first part of the webinar, John Tolbert, Lead Analyst at KuppingerCole, will talk about new opportunities and challenges PSD2 is going to unlock for banks, service providers and consumers. He will outline major technical requirements for implementing the directive and discuss their security implications.
In the second part, Urs Zurbuchen, Senior Security Consultant at Ergon, will present how important a combined approach of web application security and identity access management is to fulfill the necessary compliance requirements. Especially for strong customer authentication the market is in a constant change for the perfect second factor, fulfilling all security needs but also offering highest usability.
Airlock Suite deals with the issues of filtering and authentication in one complete and coordinated solution – setting standards for usability and services. Your internet applications enjoy reliable protection with the Airlock Web Application Firewall (WAF). Features include systematic control and filtering mechanisms with a variety of enhancement options.
Combine Airlock WAF with Airlock Login for reliable user authentication and authorization. But optimal security is not the only benefit: Airlock Login also delivers high usability and cost efficiency.
Airlock IAM is the suite's central authentication platform, including enterprise functions. With this product, customers, partners or employees log in just once for secure access to data and applications. Airlock IAM also automates user administration.
Airlock protects more than 30.000 applications, 15 million identities with a net promotor score of +53. The security Suite was launched in 2002.
Founded in 1984, Ergon Informatik AG is a leading developer of bespoke software solutions and products. The cornerstone of our success: 270 highly qualified IT specialists who are committed to creating value for the client, anticipating technological trends and designing solutions that generate competitive advantage. Ergon focuses on implementing major B2B projects.
- Contact person:
Mr. Levent Kara
+49 211 23707710
- Nov 16, 2017 4:00pm CET, 10:00am EST, 7:00am PST
Ohne Zweifel ist der 25. Mai 2018 im Kalender jedes IT-Spezialisten rot angestrichen. Denn an diesem Tag tritt die neue Datenschutz-Grundverordnung (General Data Protection Regulation, GDPR) in Kraft, welche die Art und Weise, in der personenbezogene Daten von in der EU ansässigen Unternehmen oder anderen Unternehmen, die in der Europäischen Union geschäftlich tätig sein möchten, behandelt werden, grundsätzlich verändert. Nachhaltig beeindruckt von den strengen Strafen, die im Rahmen der neuen Verordnung vorgesehen sind, sind Unternehmen eilig bemüht, sich auf die neuen rechtlichen, betrieblichen und technischen Herausforderungen vorzubereiten.
Managing customer information in a digitally transformed economy with numerous business partners demanding access is one of the most significant challenges today, and it will continue to evolve rapidly. Besides that, the challenge is to offer user-friendly login procedures via social media accounts, passwords or biometric devices while securing and respecting personal data at the same time CIW Europe is a joint Event with our Partner CXP (Le Groupe CXP, Paris, France).