Forrester Uncovers Trends in E-Signature Implementation

Electronic signature is a prerequisite and an important enabler for digital business. Organizations now have the tools to replace hybrid paper-digital processes with fully digital ones. However, most organizations have only begun the long journey of becoming digital businesses. This can’t be achieved without e-signatures, which keep processes 100% digital by automating straight-through processing and eliminating the need to drop to paper for signatures and approvals. In Forrester Research’s recently… Read more


PCI DSS 3.2 Compliancy

On February 1, 2018, Requirement 8.3 of the Payment Card Industry Data Security Standard (PCI DSS 3.2) goes into effect, making multi-factor authentication mandatory for non-console access to computers and systems handling cardholder data, and remote access to the cardholder data environment (CDE). Earlier this year, the PCI Security Standards Council also issued guidance for multi-factor authentication implementations. PCI DSS 3.2 The PCI DSS applies to all entities involved in… Read more


Faces of Fraud

Analysts wonder whether recent hacks like that of Equifax might serve as the tipping point for banks to rollout new anti-fraud measures, while in tandem, more than half of financial institutions surveyed lack confidence in their current ability to detect and prevent fraud. At least that’s what the 2017 Face of Fraud Survey, conducted by ISMG, experts in risk management research and data security analytics, and commissioned by VASCO recently… Read more


October 26, 2017 - Steven Murdoch, Frederik Mennes
Existing encryption's a casualty of the massive KRACK WiFi attack

The KRACK WiFi attack has exposed a major vulnerability that could impact millions of users around the world, creating a major new threat for security professionals, financial institutions, retailers and payment companies. But there are options to mitigate the risk. Read what Frederik Mennes and Steven Murdoch have to say on this important topic in an article recently contributed to Payment Source. Existing encryption is a casualty of the massive #KRACK #WiFi… Read more


The Berlin Group’s NextGenPSD2 conference

Many European banks, banking associations and fintech companies are currently waiting for the Regulatory Technical Standards (RTS) on Strong Customer Authentication (SCA) and Common and Secure Communication (CSC) to be adopted by the European Commission and Parliament. These RTS define the technical requirements for the communication interfaces (APIs) that banks have to provide to Third Party Providers (TPPs) in the future, and specify how banks have to authenticate users when… Read more


sms authentication

What a difference a year makes. As related in AppDev Magazine’s recent newsletter, just one year after NIST, the National Institute of Standards and Technology issued guidance that found SMS insecure and no longer suitable as a strong authentication mechanism; it has backpedaled to reduce their previously strong statements and instead offers a new, softer recommendation. According to this article, NIST proposed “deprecating” SMS 2FA last year because of vulnerabilities… Read more


Bug Bounty Program

Security is of utmost importance to VASCO as is maintaining a high security bar for our products and cloud services. As such, VASCO has launched a bug bounty program to expand the security evaluation of our products beyond our walls and tap into the large pool of highly skilled ethical hackers outside our company. The bug bounty program currently consists of two projects. The server-side project covers VASCO’s IDENTIKEY Authentication… Read more


Earlier this year, the New York State Department of Financial Services (NYDFS) significantly increased the cybersecurity requirements for any financial services company doing business in the state. Given that New York City is the “Financial Capital of the World”, there are few organizations unaffected by the Cybersecurity Requirements for Financial Services Companies regulation. Section 500.12, requires all covered entities to use multi-factor authentication (MFA) for any individual accessing the Covered Entity’s internal networks from an… Read more


Blockchain

Blockchain is one of the more exciting – and often misunderstood – emerging technologies. It essentially offers the ability to record and track transactions in a decentralized database (often referred to as a “ledger”). When a transaction occurs, everyone who has permission on the network knows about it. It’s tamper-proof and everything happens in real-time. This has disruptive implications for the banking and lending industry, which today uses other processes… Read more


ENISA Report

A recently published study from ENISA — the European Union Agency for Network and Information Security which advises member states and private sector organizations in implementing EU legislation, provides guidelines on how to take the appropriate measures to comply with the General Data Protection Regulation (GDPR). ENISA’s recommendation includes two-factor authentication and mobile application security as technical measures in high-risk situations. The GDPR becomes the main legal framework for data… Read more