Revised Payment Service Directive: Understanding Its Technical Requirements for a Smooth and Secure Customer Experience
- Language: English
- Date: Thursday, November 16, 2017
- Time: 4:00pm CET, 10:00am EST, 7:00am PST
PSD2 will require 2 major technology thrusts: exposing and securing APIs for banking functions, and presenting strong authentication options for financial customers. Banks have to open up many of their core banking functions to enable the PSD2 ecosystem where Third Party Providers (TPPs) can directly initiate payment transfers and aggregate account information. Banks, TPPs, or even other FinTechs must present strong, risk-adaptive authentication methods for financial customers to use. Moreover, PSD2 even mandates the use of transactional and session-level runtime risk assessments. Few banks and FinTechs are in a position today to meet these technical requirements.
When PSD2 takes effect, banks across the European Union will be required to expose their core banking functions to these TPPs via APIs. It is imperative that banks begin now to build and lock down APIs in preparation for PSD2. We will take a look at the Open Banking APIs as well as some other competing API offerings, and discuss API security methods.
Strong Customer Authentication (SCA) is the 2nd primary technical requirement of PSD2. Banks and TPPs both must provide mechanisms to do at least 2-Factor Authentication for their customers. Risk-adaptive authentication is preferred. Additionally, PSD2 states that financial transaction processors must employ User Behavioral Analytics for higher assurance outside of the SCA requirements.
In this KuppingerCole webinar, we’re going to discuss:
- The overview of PSD2 technical requirements
- Implementing and properly securing Open Banking APIs
- Prerequisites and relevant technologies for Strong Customer Authentication
In the first part of the webinar, John Tolbert, Lead Analyst at KuppingerCole, will talk about new opportunities and challenges PSD2 is going to unlock for banks, service providers and consumers. He will outline major technical requirements for implementing the directive and discuss their security implications.
In the second part, Martin Burkhart, Head of Product Management at Ergon, will present how important a combined approach of web application security and identity and access management is to fulfilling the necessary compliance requirements. For strong customer authentication in particular, the market is constantly changing in search of the perfect second factor, one that fulfills all security needs while also offering the highest usability.
Airlock Suite deals with the issues of filtering and authentication in one complete and coordinated solution – setting standards for usability and services. Your internet applications enjoy reliable protection with the Airlock Web Application Firewall (WAF). Features include systematic control and filtering mechanisms with a variety of enhancement options.
Combine Airlock WAF with Airlock Login for reliable user authentication and authorization. But optimal security is not the only benefit: Airlock Login also delivers high usability and cost efficiency.
Airlock IAM is the suite's central authentication platform, including enterprise functions. With this product, customers, partners or employees log in just once for secure access to data and applications. Airlock IAM also automates user administration.
Airlock protects more than 30.000 applications and 15 million identities, with a Net Promoter Score of +53. The security suite was launched in 2002.
Founded in 1984, Ergon Informatik AG is a leading developer of bespoke software solutions and products. The cornerstone of our success: 270 highly qualified IT specialists who are committed to creating value for the client, anticipating technological trends and designing solutions that generate competitive advantage. Ergon focuses on implementing major B2B projects.