Face ID

Face ID is fast becoming a differentiator for organizations that want to provide a frictionless mobile experience. While biometric authentication remains the exception and not yet the rule, the analyst community strongly believes digital businesses, especially banks, need to pay attention. For example, in the recent Hype Cycle for Digital Banking Transformation, 2017, Gartner recommends that digital businesses develop world-class capabilities in customer authentication, and specifically, biometric authentication. In response… Read more


According to a recent survey by Accenture, banks experience 85 attempted breaches on average each year. More than a third are successful in stealing sensitive information1. In 2017, those attempts ranged from account takeover fraud to mobile banking Trojans that enabled hackers to steal funds from victims’ bank accounts. Attacks such as Distributed Denial of Service (DDoS) — per Verizon, the most common form of attack against financial institutions —… Read more


Stolen Credentials on the Dark Web: A Reminder to Replace KBA with MFA

Recent news accounts of security researchers discovering a database containing 1.4 billion breached credentials — reportedly, the largest such find on the Dark Web — is yet more evidence that online identity proofing that relies only on KBA (knowledge based authentication) and static passwords is no longer fit-for-purpose. The level of sophistication that cybercriminals bring to the dark web is unfathomable. Not only is stolen data aggregated, it has been… Read more


Best Practices for Switching from Hardware to Software Tokens

The smartphone has become indispensable. According to Deloitte’s latest Global Mobile Consumer Trends1 report, a survey of 17 developed countries found that one in five consumers checks their phone >50 times a day. The explosive adoption of mobile apps and devices is changing how banks authenticate customers in the digital world. One trend we expect to continue into 2018 and beyond, is the drive to upgrade customer authentication technology from… Read more


PSD2: How the Final RTS Requirements Will Impact You - Update

On November 27, 2017, the European Commission published its final Regulatory Technical Standards (RTS) on Strong Customer Authentication (SCA) and Common and Secure Communication (CSC) under PSD2. With the release of the final PSD2 RTS requirements, banks of all sizes can now take action to develop a compliance strategy and implement effective security solutions for electronic remote payment transactions. The Revised Payment Services Directive, known as PSD2, harmonizes security requirements for… Read more


GDPR

Who owns your data, and what privacy laws govern it? Well, that depends on where you live. If you own it, you should have control over it. If you don’t own it, how secure is it? Recent data breaches that affected the majority of Americans have begun a national dialogue around the security of personal data. In fact, the high profile Equifax breach and others like it have prompted the… Read more


How Will the Final PSD2 RTS Requirements Impact You?

On November 27, 2017, the European Commission published its final Regulatory Technical Standards (RTS) on Strong Customer Authentication (SCA) and Common and Secure Communication (CSC) under PSD2. With the release of the final PSD2 RTS requirements, banks of all sizes can now take action to develop a compliance strategy and implement effective security solutions for electronic remote payment transactions. The Revised Payment Services Directive, known as PSD2, harmonizes security requirements… Read more


Authentication for E-Signature Transactions: Forrester Recommends Flexibility

Forrester Research just published a new report on e‑signature, The State Of E-Signature Implementation: 25 E-Signature Use Cases Show Adoption Trends. In it, Forrester analyzes electronic signature implementations from a cross-section of industries, including financial services, government, food services, tourism, manufacturing, retail and more. The growing European adoption of e-signatures for document signing is clear. More than 50% of the implementations presented in this report are in the EU, with representation… Read more


Forrester Uncovers Trends in E-Signature Implementation

Electronic signature is a prerequisite and an important enabler for digital business. Organizations now have the tools to replace hybrid paper-digital processes with fully digital ones. However, most organizations have only begun the long journey of becoming digital businesses. This can’t be achieved without e-signatures, which keep processes 100% digital by automating straight-through processing and eliminating the need to drop to paper for signatures and approvals. In Forrester Research’s recently… Read more


PCI DSS 3.2 Compliancy

On February 1, 2018, Requirement 8.3 of the Payment Card Industry Data Security Standard (PCI DSS 3.2) goes into effect, making multi-factor authentication mandatory for non-console access to computers and systems handling cardholder data, and remote access to the cardholder data environment (CDE). Earlier this year, the PCI Security Standards Council also issued guidance for multi-factor authentication implementations. PCI DSS 3.2 The PCI DSS applies to all entities involved in… Read more