Security of Internet Payments: Legislative Developments in Europe

In the ongoing discussion on PSD2, in late June the European Banking Authority (EBA) published its opinion on the European Commission’s proposed amendments to the PSD2 draft Regulatory Technical Standards (RTS) on Strong Customer Authentication and Common and Secure Communication. Below, we’ve included a simplified version of the debate about the amendments to help you navigate PSD2. The EBA’s opinions on the four amendments proposed by the Commission are as… Read more


July 6, 2017 - Guest Blogger Lars Birkeland, Marketing Director of Promon
PSD2 Creates Opportunities for Payment Providers but also Vulnerabilities to Mobile Users

Customers of the British retail bank Tesco Bank awoke in early 2017 to find their bank accounts drained of funds. The recent Tesco Bank hack has left the retail banking world reeling, searching for answers and more effective ways to secure themselves against future attacks. It has been revealed weaknesses in the bank’s mobile applications left the door open for cybercriminals to brute force their way in and take more than £2.5 million… Read more


EBA Eases Strong Customer Authentication Requirements under PSD2

On 23 February the European Banking Authority (EBA) proposed its final draft Regulatory Technical Standards (RTS) on Strong Customer Authentication and Common and Secure Communication (CSC) under PSD2 to the European Commission (EC). On 24 May the Commission sent a letter to the EBA, stating its intent to amend the final draft RTS. The EBA published this letter as well as the amended RTS on its website. The Commission proposes… Read more


Rise of Smart Authentication

It’s the 21st century marketing mantra: Never underestimate the power of ‘smart.’ After all, we have ‘smart’ phones, ‘smart TVs’, a ‘smart’ doorbell and yes, even a ‘smart’ dishwasher. Retail niches aside though, when it comes to the stuff that really matters, (like keeping your private information private), what about ‘smart’ authentication? As detailed in this Network World article, multifactor authentication strategies, while rising in popularity continue to be dogged… Read more


Using Mobile as an Upselling Channel in Financial Services

We rely on our bank’s mobile app to check balances, pay bills and transfer money electronically. But mobile consumers want (and expect) to do more. The logical next step, then, is to enable consumers to conduct all of the services offered online (and at their physical branches), on their mobile devices. That’s easier said than done. Most financial institutions have developed mobile apps that don’t provide adequate mobile capabilities and access to… Read more


EBA Eases Strong Customer Authentication Requirements under PSD2

On Thursday 23 February, the European Banking Authority (EBA) published its long-awaited final draft Regulatory Technical Standards (RTS) on Strong Customer Authentication (SCA) and Common and Secure Communication (CSC) under the revised Payment Services Directive (PSD2). In general the EBA has relaxed its requirements compared to the RTS in the EBA’s Consultation Paper from August 2016. Here are the most important changes: Transaction risk analysis. The final draft RTS introduces… Read more


iris scab

Before there were ‘preppers’ there were the sign holders, who would boldly proclaim, “The End is Near” on street corners, in football stadiums, and in fact anywhere large crowds gathered. Today, there are pundits (and others) in the security industry heralding a similar message, the end, or to really put a fine point on it, the death of static passwords is near. No surprise, really, on all the reasons why… Read more


Why Telehealth Needs Secure Patient Identification Practices

I recently registered as a patient on a leading telehealth provider’s website. I was very surprised around the lack of identity assurance.  The only verification requested was my insurance card and I had the option of skipping that step since insurance is not a prerequisite for service. WOW! In an era of stolen credit cards, stolen identities and ever prospering cybercrime, this is really not acceptable. Telehealth can become a… Read more


SMS Authentication

Banks and payment service providers sometimes rely on SMS to verify the identity of a person who wishes to make a wire transfer or confirm a payment. They send an SMS message with a one-time password (OTP) to the person’s mobile phone, and the user has to enter this OTP into the application of the bank or payment service provider. In this blog post I discuss whether SMS-based authentication will… Read more


Top 5 Security Stories in 2016

2016 was another stunning year in the battle against hackers. The bad guys were more than up to the task with new attacks and an endless display of innovation that challenged even the best security strategies. Yahoo’s topped their half-billion record breach with a billion-record breach, ransomware ran amok, DDoS attacks scaled to new heights, the endpoint grabbed major attention, and the U.S. political process ended up in Russia’s crosshairs…. Read more