Revised Payment Service Directive: Understanding Its Technical Requirements for a Smooth and Secure Customer Experience

  • LANGUAGE: English DATE: Thursday, November 16, 2017 TIME: 4:00pm CET, 10:00am EST, 7:00am PST
Upcoming Webinars
Revised Payment Service Directive: Understanding Its Technical Requirements for a Smooth and Secure Customer Experience
In less than 24 months, banks will have to comply with the Revised Payment Service Directive, commonly called "PSD2". The directive will introduce massive changes to the payments industry, removing the banks’ monopoly on their customer’s data. It will radically alter the user experience for customers of European banks by allowing third party payment service providers (TPP) to access their account information to provide various innovative financial services. But to achieve this, banks and TPPs must put the technical requirements in place in a secure way.

PSD2 will require 2 major technology thrusts: exposing and securing APIs for banking functions, and presenting strong authentication options for financial customers. Banks have to open up many of their core banking functions to enable the PSD2 ecosystem where Third Party Providers (TPPs) can directly initiate payment transfers and aggregate account information. Banks, TPPs, or even other FinTechs much present strong, risk-adaptive authentication methods for financial customers to use. Moreover, PSD2 even mandates the use of transactional and session-level runtime risk assessments. Few banks and FinTechs are in a position today to meet these technical requirements.

When PSD2 takes effect, banks across the European Union will be required to expose their core banking functions to these TPPs via APIs. It is imperative that banks begin now to build and lock down APIs in preparation for PSD2. We will take a look at the Open Banking APIs as well as some other competing API offerings, and discuss API security methods.

Strong Customer Authentication (SCA) is a 2nd primary technical requirement of PSD2. Banks and TPPs both must provide mechanisms to do at least 2-Factor Authentication for their customers. Risk adaptive authentication is preferred. Additionally, PSD2 states that financial transaction processors must employ User Behavioral Analytics for higher assurance outside of the SCA requirements.

In this KuppingerCole webinar, we’re going to discuss:

  • The overview of PSD2 technical requirements
  • Implementing and properly securing Open Banking APIs
  • Prerequisites and relevant technologies for Strong Customer Authentication

In the first part of the webinar, John Tolbert, Lead Analyst at KuppingerCole, will talk about new opportunities and challenges PSD2 is going to unlock for banks, service providers and consumers. He will outline major technical requirements for implementing the directive and discuss their security implications.

In the second part, Urs Zurbuchen, Senior Security Consultant at Ergon, will present how important a combined approach of web application security and identity access management is to fulfill the necessary compliance requirements. Especially for strong customer authentication the market is in a constant change for the perfect second factor, fulfilling all security needs but also offering highest usability.

Can’t attend the live session? Go ahead and register, and we’ll send you a link to the webcast recording

Speakers

Urs Zurbuchen ist Senior Security Consultant bei Airlock. Als Engineer und Consultant für Design und Implementation von IT Security Lösungen kennt er die Anforderungen an sichere Digitalisierungsprozesse, In der Konzeption und Integration von Web Application Security Lösungen (Web...


Lead Sponsor

Airlock Suite deals with the issues of filtering and authentication in one complete and coordinated solution – setting standards for usability and services. Your internet applications enjoy reliable protection with the Airlock Web Application Firewall (WAF). Features include systematic control and filtering mechanisms with a variety of enhancement options.
Combine Airlock WAF with Airlock Login for reliable user authentication and authorization. But optimal security is not the only benefit: Airlock Login also delivers high usability and cost efficiency.

Airlock IAM is the suite's central authentication platform, including enterprise functions. With this product, customers, partners or employees log in just once for secure access to data and applications. Airlock IAM also automates user administration.

Airlock protects more than 30.000 applications, 15 million identities with a net promotor score of +53. The security Suite was launched in 2002.

Founded in 1984, Ergon Informatik AG is a leading developer of bespoke software solutions and products. The cornerstone of our success: 270 highly qualified IT specialists who are committed to creating value for the client, anticipating technological trends and designing solutions that generate competitive advantage. Ergon focuses on implementing major B2B projects.

Register now for free!

Information

Webinar

Revised Payment Service Directive: Understanding Its Technical Requirements for a Smooth and Secure Customer Experience

Language:
English
Contact person:

Mr. Levent Kara
+49 211 23707710
lk@kuppingercole.com
  • Nov 16, 2017 4:00pm CET, 10:00am EST, 7:00am PST

Popular Webcasts

Next Webinar

Webinar

Compliance als Vorteil: Technische Anforderungen der GDPR für moderne digitale Unternehmen

Ohne Zweifel ist der 25. Mai 2018 im Kalender jedes IT-Spezialisten rot angestrichen. Denn an diesem Tag tritt die neue Datenschutz-Grundverordnung (General Data Protection Regulation, GDPR) in Kraft, welche die Art und Weise, in der personenbezogene Daten von in der EU ansässigen Unternehmen oder anderen Unternehmen, die in der Europäischen Union geschäftlich tätig sein möchten, behandelt werden, grundsätzlich verändert. Nachhaltig beeindruckt von den strengen Strafen, die im Rahmen der neuen Verordnung vorgesehen sind, sind Unternehmen eilig bemüht, sich auf die neuen rechtlichen, betrieblichen und technischen Herausforderungen vorzubereiten.

Next Conference

Conference

Consumer Identity World Europe 2017

Managing customer information in a digitally transformed economy with numerous business partners demanding access is one of the most significant challenges today, and it will continue to evolve rapidly. Besides that, the challenge is to offer user-friendly login procedures via social media accounts, passwords or biometric devices while securing and respecting personal data at the same time CIW Europe is a joint Event with our Partner CXP (Le Groupe CXP, Paris, France).

Become a Sponsor

Call

+49 211 23707710
Mo – Fr 8:00 – 17:00