EBA Eases Strong Customer Authentication Requirements under PSD2

On Thursday 23 February, the European Banking Authority (EBA) published its long-awaited final draft Regulatory Technical Standards (RTS) on Strong Customer Authentication (SCA) and Common and Secure Communication (CSC) under the revised Payment Services Directive (PSD2). In general the EBA has relaxed its requirements compared to the RTS in the EBA’s Consultation Paper from August 2016. Here are the most important changes: Transaction risk analysis. The final draft RTS introduces… Read more


February 10, 2017 - David Vergara

In their third quarter 2016 earnings report, Bank of America said that 20 percent of its total sales were digital and 27 percent of those sales were over mobile devices. The bank reported that it now has over 21 million mobile customers. And similar growth is being seen across the banking industry, so there’s no doubt that the mobile channel is a strong contributor to bank growth. As the proverb says,… Read more


SMS Authentication

Banks and payment service providers sometimes rely on SMS to verify the identity of a person who wishes to make a wire transfer or confirm a payment. They send an SMS message with a one-time password (OTP) to the person’s mobile phone, and the user has to enter this OTP into the application of the bank or payment service provider. In this blog post I discuss whether SMS-based authentication will… Read more


Top 5 Security Stories in 2016

2016 was another stunning year in the battle against hackers. The bad guys were more than up to the task with new attacks and an endless display of innovation that challenged even the best security strategies. Yahoo topped its half-billion-record breach with a billion-record breach, ransomware ran amok, DDoS attacks scaled to new heights, the endpoint grabbed major attention, and the U.S. political process ended up in Russia’s crosshairs… Read more


November 25, 2016 - Guest Blogger Lars Birkeland, Marketing Director of Promon
Tesla cars can be stolen by hacking the app

Our researchers have demonstrated that because of a lack of security in the Tesla smartphone app, cyber criminals could take control of the company’s vehicles, to the point where they can track and locate the car in real time, and unlock and drive the car away unhindered. Such a hack gives criminals total control of the vehicle, providing additional functionality to that exposed by Keen Security Labs in a different hack in… Read more


November 15, 2016 - Guest Blogger Lars Birkeland, Marketing Director of Promon
A total of 89 per cent of users wouldn’t know if their mobile device had been cyber attacked

A recent survey by app security specialist Promon has revealed that mobile users are massively unaware of cyber threats, with an overwhelming 89 per cent of respondents admitting they wouldn’t know if their device has been infected through a cyber attack. Users’ lack of awareness of mobile threats presents a significant challenge for businesses across every sector, meaning companies need to take extra steps to secure their customers’ data. Avoiding… Read more


The silent nature of all mobile attacks is what makes them so damaging. Sadly, users are still their own worst enemy, as they are not taking the safeguards to help protect themselves in the digital mobile market today. As reported by Infosecurity Magazine, today, only 45% report locking their phone with a PIN, password or biometric. Yet 83% of consumers are extremely, very or somewhat concerned about identity theft in America… Read more


How to win Pokémon Go (by cheating)

What RASP can do for your app

The hottest game in the market today is the new release Pokémon Go, developed by Niantic. The game forces you to go outside and interact with the real world (in a safe manner, hopefully). As you walk around, Pokémon appear and allow you to toss Pokéballs at them in an attempt to catch them all. The more you walk the more you can… Read more


August 8, 2016 - John Gunn
5 Ways That DEF CON Totally Owned Black Hat

The world’s most influential IT security gatherings just concluded and they were bigger and badder than ever. It is magnificently convenient that the two most important conferences, Black Hat and DEF CON, happen the same week in the same city. For two confabs serving the same industry, you won’t find two more distinctly dissimilar events anywhere else. While the overlap in audience is huge (it seemed like every attendee at… Read more


The debate over the relative importance of mobile banking was settled long ago. Mobile banking is already the number one channel for many customers of financial institutions, it is being used by about half of those with a banking relationship, it has grown to become the number two preferred channel overall and will soon become number one, and there is nothing on the horizon that can reverse these trends. Unlike… Read more