How to Deal with the EU PSD2 Strong Authentication Requirements
Facebook Twitter LinkedIn

How to Deal with the EU PSD2 Strong Authentication Requirements

Combined Session
Wednesday, March 01, 2017 14:30—15:00

The revised EU Payment Services Directive (PSD2) introduces a number of new requirements that have massive impact on the finance industry. Aside the open APIs that need to be provided (and secured), the defined requirements for strong authentication of payments are the most challenging new regulatory requirement.

PSD2 mandates the use of multi-factor authentication (MFA), concretely two-factor authentication based on different devices (2FA), for all payments above 10 €. It does not allow relying on one-factor authentication in combination with risk-based analytics solely. This has raised massive critics towards the EBA. However, instead of criticizing, what organizations need to do is to find the solution that works for them in both meeting the regulatory requirements and really mitigating risks.

Notably (and fortunately), PSD II does not prohibit the use of risk-based authentication – it just must rely on at least two factors. Furthermore, PSD II does not go into detail regarding the strength of the two factors, giving providers a broad variety of options for implementing the authentication approach. Thus, neither banks nor credit card companies nor other payment providers must fear for their business. They can meet the PSD II requirements and reduce their fraud risk.

This session will look in detail at the requirements for strong authentication introduced by PSD2, their impact on various groups of payment providers, and propose concrete approaches for these to meet these requirements.

How to Deal with the EU PSD2 Strong Authentication Requirements
Presentation deck
How to Deal with the EU PSD2 Strong Authentication Requirements
Click here to download the slide deck. Please note that downloads are only available for event participants and subscribers. You'll need to log in to download it.
Martin Kuppinger
Martin Kuppinger
KuppingerCole
Martin Kuppinger is Founder and Principal Analyst at KuppingerCole, a leading analyst company for identity focused information security, both in classical and in cloud environments. Prior to...
Subscribe for updates
Please provide your email address