Compliance and Beyond

On January 13^th, 2018 a new set of rules for banking came into force that open up the market by allowing new companies to offer electronic payment services.  On November 27^th, 2017 the European Union published and press release and a draft Regulatory Technical Standard (RTS) on strong authentication.

On the one hand the press release says that – “thanks to PSD2 consumers will be better protected when they make electronic payments or transactions because the RTS makes strong customer authentication (SCA) the basis for accessing one's payment account, as well as for making payments online”.  However, the RTS explicitly excludes preventing Payment Service Providers (PSP) from using the customer account credentials or imposing redirection to the Account Service Provider for authentication.

This session will discuss the security implications of this RTS on the use of proven industry standards such as OpenID and SAML as part secure authentication for open banking.