Security of Internet Payments: Legislative Developments in Europe

In the ongoing discussion on PSD2, in late June the European Banking Authority (EBA) published its opinion on the European Commission’s proposed amendments to the PSD2 draft Regulatory Technical Standards (RTS) on Strong Customer Authentication and Common and Secure Communication. Below, we’ve included a simplified version of the debate about the amendments to help you navigate PSD2. The EBA’s opinions on the four amendments proposed by the Commission are as…


July 6, 2017 - Guest Blogger Lars Birkeland, Marketing Director of Promon
PSD2 Creates Opportunities for Payment Providers but also Vulnerabilities to Mobile Users

Customers of the British retail bank Tesco Bank awoke in early 2017 to find their bank accounts drained of funds. The recent Tesco Bank hack has left the retail banking world reeling, searching for answers and more effective ways to secure themselves against future attacks. It has been revealed that weaknesses in the bank’s mobile applications left the door open for cybercriminals to brute force their way in and take more than £2.5 million…


EBA Eases Strong Customer Authentication Requirements under PSD2

On 23 February the European Banking Authority (EBA) proposed its final draft Regulatory Technical Standards (RTS) on Strong Customer Authentication and Common and Secure Communication (CSC) under PSD2 to the European Commission (EC). On 24 May the Commission sent a letter to the EBA, stating its intent to amend the final draft RTS. The EBA published this letter as well as the amended RTS on its website. The Commission proposes…


EBA Eases Strong Customer Authentication Requirements under PSD2

On Thursday 23 February, the European Banking Authority (EBA) published its long-awaited final draft Regulatory Technical Standards (RTS) on Strong Customer Authentication (SCA) and Common and Secure Communication (CSC) under the revised Payment Services Directive (PSD2). In general the EBA has relaxed its requirements compared to the RTS in the EBA’s Consultation Paper from August 2016. Here are the most important changes: Transaction risk analysis. The final draft RTS introduces…


SMS Authentication

Banks and payment service providers sometimes rely on SMS to verify the identity of a person who wishes to make a wire transfer or confirm a payment. They send an SMS message with a one-time password (OTP) to the person’s mobile phone, and the user has to enter this OTP into the application of the bank or payment service provider. In this blog post I discuss whether SMS-based authentication will…


eIDAS smart card

Now that the eIDAS Regulation is in full effect, the ease of cross-border digital business is a reality in the EU. The new Regulation comes at an opportune time to make trusted communications between businesses, citizens and public authorities easier in Europe – removing the previous hurdles and fragmented legal frameworks from the Regulation’s predecessor, the EU Directive. Many people believed that the Directive mandated the use of the Qualified…


eIDAS: Making Cross-border Digital Business a Reality – Today

A new e-signature Regulation in the European Union comes into effect today, July 1, 2016, which will have an immediate and positive impact on cross-border commerce across Europe. Replacing the existing EU Directive, Electronic Identification and Trust Services for Electronic Transaction (eIDAS) now uniformly recognizes all forms of e-signature – regardless of local interpretation – making it easier to do business across the continent and creating a single, digital market…


A Shift in the Wind – Securing Patient Portals

I thoroughly enjoyed my time at HIMSS16 in Las Vegas. It was great to be back, see old friends and make new ones. The landscape, as it relates to security, has certainly changed since my first HIMSS Conference in 2008. I recall walking the exhibit hall discussing multi-factor authentication and identity management only to receive blank stares or interesting comments from prospective partners and customers. I heard, “we use usernames and…


On the road to trusted identities in healthcare, or just more compliance work?

On Feb 9th, the Senate health committee unanimously (22-0) approved wide-ranging legislation designed to improve health IT by modifying requirements relating to the development and use of electronic health records (EHR). Senate Bill S. 2511, “To improve Federal requirements relating to the development and use of electronic health records technology” is clearly a result of Congress’ displeasure with the lack of interoperability, data sharing and security in our healthcare system…


Top 5 Security Stories in 2015

2015 was a remarkable year in the IT security area. There was never a dull moment with novel attack methods, new enemies, massive breaches of healthcare organizations and the OPM, Hacking Team’s embarrassing takedown, and cars and toys becoming targets. Hard to imagine it all fit into just 365 days and it doesn’t look like it will slow down one bit with the New Year. Below is a brief look…