PSD2: How the Final RTS Requirements Will Impact You - Update

On November 27, 2017, the European Commission published its final Regulatory Technical Standards (RTS) on Strong Customer Authentication (SCA) and Common and Secure Communication (CSC) under PSD2. With the release of the final PSD2 RTS requirements, banks of all sizes can now take action to develop a compliance strategy and implement effective security solutions for electronic remote payment transactions. The Revised Payment Services Directive, known as PSD2, harmonizes security requirements for… Read more


GDPR

Who owns your data, and what privacy laws govern it? Well, that depends on where you live. If you own it, you should have control over it. If you don’t own it, how secure is it? Recent data breaches that affected the majority of Americans have begun a national dialogue around the security of personal data. In fact, the high-profile Equifax breach and others like it have prompted the… Read more


How Will the Final PSD2 RTS Requirements Impact You?

On November 27, 2017, the European Commission published its final Regulatory Technical Standards (RTS) on Strong Customer Authentication (SCA) and Common and Secure Communication (CSC) under PSD2. With the release of the final PSD2 RTS requirements, banks of all sizes can now take action to develop a compliance strategy and implement effective security solutions for electronic remote payment transactions. The Revised Payment Services Directive, known as PSD2, harmonizes security requirements… Read more


PCI DSS 3.2 Compliancy

On February 1, 2018, Requirement 8.3 of the Payment Card Industry Data Security Standard (PCI DSS 3.2) goes into effect, making multi-factor authentication mandatory for non-console access to computers and systems handling cardholder data, and remote access to the cardholder data environment (CDE). Earlier this year, the PCI Security Standards Council also issued guidance for multi-factor authentication implementations. PCI DSS 3.2: The PCI DSS applies to all entities involved in… Read more


The Berlin Group’s NextGenPSD2 conference

Many European banks, banking associations and fintech companies are currently waiting for the Regulatory Technical Standards (RTS) on Strong Customer Authentication (SCA) and Common and Secure Communication (CSC) to be adopted by the European Commission and Parliament. These RTS define the technical requirements for the communication interfaces (APIs) that banks have to provide to Third Party Providers (TPPs) in the future, and specify how banks have to authenticate users when… Read more


Earlier this year, the New York State Department of Financial Services (NYDFS) significantly increased the cybersecurity requirements for any financial services company doing business in the state. Given that New York City is the “Financial Capital of the World”, there are few organizations unaffected by the Cybersecurity Requirements for Financial Services Companies regulation. Section 500.12 requires all covered entities to use multi-factor authentication (MFA) for any individual accessing the Covered Entity’s internal networks from an… Read more


ENISA Report

A recently published study from ENISA, the European Union Agency for Network and Information Security, which advises member states and private sector organizations in implementing EU legislation, provides guidelines on how to take the appropriate measures to comply with the General Data Protection Regulation (GDPR). ENISA’s recommendation includes two-factor authentication and mobile application security as technical measures in high-risk situations. The GDPR becomes the main legal framework for data… Read more


Security of Internet Payments: Legislative Developments in Europe

In the ongoing discussion on PSD2, in late June the European Banking Authority (EBA) published its opinion on the European Commission’s proposed amendments to the PSD2 draft Regulatory Technical Standards (RTS) on Strong Customer Authentication and Common and Secure Communication. Below, we’ve included a simplified version of the debate about the amendments to help you navigate PSD2. The EBA’s opinions on the four amendments proposed by the Commission are as… Read more


July 6, 2017 - Guest Blogger Lars Birkeland, Marketing Director of Promon
PSD2 Creates Opportunities for Payment Providers but also Vulnerabilities to Mobile Users

Customers of the British retail bank Tesco Bank awoke in early 2017 to find their bank accounts drained of funds. The recent Tesco Bank hack has left the retail banking world reeling, searching for answers and more effective ways to secure themselves against future attacks. It has been revealed that weaknesses in the bank’s mobile applications left the door open for cybercriminals to brute force their way in and take more than £2.5 million… Read more


EBA Eases Strong Customer Authentication Requirements under PSD2

On 23 February the European Banking Authority (EBA) proposed its final draft Regulatory Technical Standards (RTS) on Strong Customer Authentication and Common and Secure Communication (CSC) under PSD2 to the European Commission (EC). On 24 May the Commission sent a letter to the EBA, stating its intent to amend the final draft RTS. The EBA published this letter as well as the amended RTS on its website. The Commission proposes… Read more