Bug Bounty Program

Security is of utmost importance to VASCO as is maintaining a high security bar for our products and cloud services. As such, VASCO has launched a bug bounty program to expand the security evaluation of our products beyond our walls and tap into the large pool of highly skilled ethical hackers outside our company. The bug bounty program currently consists of two projects. The server-side project covers VASCO’s IDENTIKEY Authentication… Read more


Earlier this year, the New York State Department of Financial Services (NYDFS) significantly increased the cybersecurity requirements for any financial services company doing business in the state. Given that New York City is the “Financial Capital of the World”, there are few organizations unaffected by the Cybersecurity Requirements for Financial Services Companies regulation. Section 500.12 requires all covered entities to use multi-factor authentication (MFA) for any individual accessing the Covered Entity’s internal networks from an… Read more


Blockchain

Blockchain is one of the more exciting – and often misunderstood – emerging technologies. It essentially offers the ability to record and track transactions in a decentralized database (often referred to as a “ledger”). When a transaction occurs, everyone who has permission on the network knows about it. It’s tamper-proof and everything happens in real-time. This has disruptive implications for the banking and lending industry, which today uses other processes… Read more


ENISA Report

A recently published study from ENISA, the European Union Agency for Network and Information Security, which advises member states and private sector organizations in implementing EU legislation, provides guidelines on how to take the appropriate measures to comply with the General Data Protection Regulation (GDPR). ENISA’s recommendation includes two-factor authentication and mobile application security as technical measures in high-risk situations. The GDPR becomes the main legal framework for data… Read more


Behavioral Biometrics: Improving Security and the Customer Experience

Before the Internet, customers who wanted to transact with their bank had only one option – a visit to their local branch for a face-to-face transaction. Now, in the mobile age, customers expect their banks to provide secure and easy access to the full suite of banking services via their mobile device.

New channel, new challenges

This demand for mobile transacting introduces banks and financial institutions to new challenges inherent… Read more


Android Malware

One of the key security issues facing organizations that support Android devices is the risk of rooting malware. A number of malware families on the Android mobile OS attempt to obtain root access once installed because the elevated privileges gained come in handy to perform malicious activities. There is, however, a way to detect rooting and protect your organization and mobile application users from malicious attacks – Runtime Application Self-Protection… Read more


Security of Internet Payments: Legislative Developments in Europe

In the ongoing discussion on PSD2, in late June the European Banking Authority (EBA) published its opinion on the European Commission’s proposed amendments to the PSD2 draft Regulatory Technical Standards (RTS) on Strong Customer Authentication and Common and Secure Communication. Below, we’ve included a simplified version of the debate about the amendments to help you navigate PSD2. The EBA’s opinions on the four amendments proposed by the Commission are as… Read more


July 6, 2017 - Guest Blogger Lars Birkeland, Marketing Director of Promon
PSD2 Creates Opportunities for Payment Providers but also Vulnerabilities to Mobile Users

Customers of the British retail bank Tesco Bank awoke in early 2017 to find their bank accounts drained of funds. The recent Tesco Bank hack has left the retail banking world reeling, searching for answers and more effective ways to secure themselves against future attacks. It has been revealed that weaknesses in the bank’s mobile applications left the door open for cybercriminals to brute force their way in and take more than £2.5 million… Read more


EBA Eases Strong Customer Authentication Requirements under PSD2

On 23 February the European Banking Authority (EBA) proposed its final draft Regulatory Technical Standards (RTS) on Strong Customer Authentication and Common and Secure Communication (CSC) under PSD2 to the European Commission (EC). On 24 May the Commission sent a letter to the EBA, stating its intent to amend the final draft RTS. The EBA published this letter as well as the amended RTS on its website. The Commission proposes… Read more


Recent data breaches and malware phishing attacks have unfortunately become the “new norm” in today’s digital world. Cybercriminals target Internet users of all stripes to gain access to online accounts associated with an email address, such as online banking. A consumer alert from the IRS reported a 400% increase in online phishing and malware attacks during the 2016 U.S. tax season. Phishing attacks resulting from successful data breaches and stolen… Read more