• TYPE: Expert Talk DATE: Wednesday, May 16, 2018 TIME: 17:30-18:30 LOCATION: WINTER GARDEN
Experts Stage II


The new Payment Services Directive 2 is compelling European banking actors to open their services to outside partners. Most banking actors were not fully ready for the exposition of the services that were, until then, strongly kept for inside use. Some initiatives such as Open Banking(UK) and STET(FR) have established OAuth2 as the main standard for authentication, authorization and user consent. However all requirements cannot be directly addressed by the current state of the specifications. Despite some additions by the Financial API initiative such as TLS certificate authentication a few issues still elude the standards

Is there a way to handle out-of-band authentication for the user without forcing multiple redirections on his device? What implementation of OAuth2 can bring an answer for business-driven authentication step-up at run time and transaction-based authentication? Is there a way to make the user experience simpler and lighter during authentication and avoid window flickering on mobile devices but keep the right security level?

In this session we will explain PSD2 requirements on customer authentication and what it implies for banks and we will also shine light on some of the answers that were brought when the standards came short.

Key Takeaways:

  • What does PSD2 require from European banks regarding identity security?
  • How can the OAuth2 and OpenID standards answer those requirements and what are they coming short for?
  • What answers have been found to those limitations?


I graduated from Supelec, with a major in network and systems security. I have been working as a consultant for Wavestone the French Wavestone consulting firm for 12 years, in security matters pertaining to identity management and cryptography. My main activities consist in providing technical...

PSD2 will revolutionize the portability of Identity not only for the banking industry but for everyone. While the intent is to increase participation in the payments industry but architecting for PSD2 will change the way consumer identity is shared, protected and self-managed. In this session, we will explore the requirements of PSD2, best practices for achieving these requirements and we will demonstrate a testbed for PSD2 that can enable fast adoption.


Jordi Gascon is a Senior Presales Director for Cibersecurity at CA Technologies EMEA. His responsibility covers working with CA sales and delivery groups across the EMEA region to analyze and design the technology solution that best meets customers’ and partners’ needs. In this...

In an era of fake news, data breaches, and the GDPR, earning consumers’ trust is a “must.” Come to this session to discover the SAP Customer Data Cloud from Gigya, your comprehensive solution for capturing consent and preferences, enabling customer control of personal data, and turning consumer data privacy into your market advantage.


Yaron joined Gigya, now a part of SAP, in 2017 and headed product strategy for the company's enterprise preference and consent management solution. He has over 18 years of experience in senior product management positions in adtech, enterprise software, consumer applications, and entertainment...

Log in to download presentations:  


Session Links

Munich, Germany


European Identity & Cloud Conference 2018

Registration fee:
€1980.00 $2475.00 S$3168.00 21780.00 kr
Mastercard Visa American Express PayPal INVOICE
Contact person:

Mr. Levent Kara
  • May 15 - 18, 2018 Munich, Germany