GDPR

Who owns your data, and what privacy laws govern it? Well, that depends on where you live. If you own it, you should have control over it. If you don’t own it, how secure is it? Recent data breaches that affected the majority of Americans have begun a national dialogue around the security of personal data. In fact, the high-profile Equifax breach and others like it have prompted the…


How Will the Final PSD2 RTS Requirements Impact You?

On November 27, 2017, the European Commission published its final Regulatory Technical Standards (RTS) on Strong Customer Authentication (SCA) and Common and Secure Communication (CSC) under PSD2. With the release of the final PSD2 RTS requirements, banks of all sizes can now take action to develop a compliance strategy and implement effective security solutions for electronic remote payment transactions. The Revised Payment Services Directive, known as PSD2, harmonizes security requirements…


Authentication for E-Signature Transactions: Forrester Recommends Flexibility

Forrester Research just published a new report on e‑signature, The State Of E-Signature Implementation: 25 E-Signature Use Cases Show Adoption Trends. In it, Forrester analyzes electronic signature implementations from a cross-section of industries, including financial services, government, food services, tourism, manufacturing, retail and more. The growing European adoption of e-signatures for document signing is clear. More than 50% of the implementations presented in this report are in the EU, with representation…


Forrester Uncovers Trends in E-Signature Implementation

Electronic signature is a prerequisite and an important enabler for digital business. Organizations now have the tools to replace hybrid paper-digital processes with fully digital ones. However, most organizations have only begun the long journey of becoming digital businesses. This can’t be achieved without e-signatures, which keep processes 100% digital by automating straight-through processing and eliminating the need to drop to paper for signatures and approvals. In Forrester Research’s recently…


PCI DSS 3.2 Compliancy

On February 1, 2018, Requirement 8.3 of the Payment Card Industry Data Security Standard (PCI DSS 3.2) goes into effect, making multi-factor authentication mandatory for non-console access to computers and systems handling cardholder data, and remote access to the cardholder data environment (CDE). Earlier this year, the PCI Security Standards Council also issued guidance for multi-factor authentication implementations.

PCI DSS 3.2

The PCI DSS applies to all entities involved in…


Faces of Fraud

Analysts wonder whether recent hacks like that of Equifax might serve as the tipping point for banks to roll out new anti-fraud measures, while in tandem, more than half of financial institutions surveyed lack confidence in their current ability to detect and prevent fraud. At least that’s what the 2017 Face of Fraud Survey, conducted by ISMG, experts in risk management research and data security analytics, and commissioned by VASCO recently…


October 26, 2017 - Steven Murdoch, Frederik Mennes
Existing encryption's a casualty of the massive KRACK WiFi attack

The KRACK WiFi attack has exposed a major vulnerability that could impact millions of users around the world, creating a major new threat for security professionals, financial institutions, retailers and payment companies. But there are options to mitigate the risk. Read what Frederik Mennes and Steven Murdoch have to say on this important topic in an article recently contributed to Payment Source.


The Berlin Group’s NextGenPSD2 conference

Many European banks, banking associations and fintech companies are currently waiting for the Regulatory Technical Standards (RTS) on Strong Customer Authentication (SCA) and Common and Secure Communication (CSC) to be adopted by the European Commission and Parliament. These RTS define the technical requirements for the communication interfaces (APIs) that banks have to provide to Third Party Providers (TPPs) in the future, and specify how banks have to authenticate users when…


SMS Authentication

What a difference a year makes. As related in AppDev Magazine’s recent newsletter, just one year after NIST, the National Institute of Standards and Technology, issued guidance that found SMS insecure and no longer suitable as a strong authentication mechanism, it has backpedaled, toning down its previously strong statements and instead offering a new, softer recommendation. According to this article, NIST proposed “deprecating” SMS 2FA last year because of vulnerabilities…


Bug Bounty Program

Security is of utmost importance to VASCO, as is maintaining a high security bar for our products and cloud services. As such, VASCO has launched a bug bounty program to expand the security evaluation of our products beyond our walls and tap into the large pool of highly skilled ethical hackers outside our company. The bug bounty program currently consists of two projects. The server-side project covers VASCO’s IDENTIKEY Authentication…