PSD2: Creating a Secure Execution Environment for Mobile Banking Apps

The following article, authored by Frederik Mennes, Senior Manager Market & Security Strategy at the OneSpan Security Competence Center, first appeared 06/2018 in German on IT Finanzmagazin. The revised Payment Services Directive, also known as PSD2, pays a lot of attention to the security of mobile banking apps, mobile payment apps, mobile wallets, and other apps that offer payment functionality…. Read more


Online Banking

This blog was inspired by an article by Frederik Mennes that first appeared on Techzine. In recent years, open banking has received a lot of attention in the financial services sector. Open banking means that banks open their systems to authorized third-party financial service providers, so these companies can initiate and process payments and financial transactions at the request of… Read more


Digital Encryption

The following article, authored by Michael Magrath, Director, Global Regulations & Standards, first appeared 4/13/18 on CSO Online. Seven years ago, the Obama Administration published the National Strategy for Trusted Identities in Cyberspace (NSTIC). NSTIC called for an Identity Ecosystem, “an online environment where individuals and organizations will be able to trust each other because they follow agreed upon standards… Read more


Capture GDPR Consent and Sign GDPR Contracts with E-Signatures

On May 25, 2018, the General Data Protection Regulation (GDPR) becomes the main legal framework for data protection in the EU. Under the GDPR, EU citizens must consent to the processing of their personal data – and data controllers must meet strict requirements for capturing that consent. In fact, the conditions to obtain consent have been fundamentally redefined compared to… Read more


Frederik Mennes

One of the most discussed requirements of the final Regulatory Technical Standards (RTS) on Strong Customer Authentication (SCA) and Common and Secure Communication (CSC) under PSD2 is the requirement to perform so-called “dynamic linking” to authenticate a financial transaction. The dynamic linking requirement has three parts. First, it requires a payer to authenticate a financial transaction by calculating an authentication… Read more


Multi-Factor Authentication

The following article, authored by Michael Magrath, Director, Global Regulations & Standards, first appeared 2/28/18 on CSO Online. The New York State Department of Financial Services (DFS) regulates over 1,400 insurance companies and approximately 1,500 banks and financial institutions. Not surprisingly, with New York being the “financial capital of the world,” the overwhelming majority of U.S. financial institutions and many… Read more


Windows Logon

In light of constantly evolving cybersecurity risks, businesses must take strong measures to secure internal and remote network access by employees. Today’s workforce requires convenient anytime, anywhere access to web, mobile and cloud networks, applications and resources. Clearly, timely access to information drives business forward. At the same time, organizations must prevent security breaches, and maintain continuous compliance with security… Read more


According to a recent survey by Accenture, banks experience 85 attempted breaches on average each year. More than a third are successful in stealing sensitive information. In 2017, those attempts ranged from account takeover fraud to mobile banking Trojans that enabled hackers to steal funds from victims’ bank accounts. Attacks such as Distributed Denial of Service (DDoS) — per Verizon,… Read more


PSD2: How the Final RTS Requirements Will Impact You - Update

On November 27, 2017, the European Commission published its final Regulatory Technical Standards (RTS) on Strong Customer Authentication (SCA) and Common and Secure Communication (CSC) under PSD2. With the release of the final PSD2 RTS requirements, banks of all sizes can now take action to develop a compliance strategy and implement effective security solutions for electronic remote payment transactions. The Revised… Read more


GDPR

Who owns your data, and what privacy laws govern it? Well, that depends on where you live. If you own it, you should have control over it. If you don’t own it, how secure is it? Recent data breaches that affected the majority of Americans have begun a national dialogue around the security of personal data. In fact, the high… Read more