EBA Eases Strong Customer Authentication Requirements under PSD2

On Thursday 23 February, the European Banking Authority (EBA) published its long-awaited final draft Regulatory Technical Standards (RTS) on Strong Customer Authentication (SCA) and Common and Secure Communication (CSC) under the revised Payment Services Directive (PSD2). In general the EBA has relaxed its requirements compared to the RTS in the EBA’s Consultation Paper from August 2016. Here are the most important changes: Transaction risk analysis. The final draft RTS introduces… Read more


SMS Authentication

Banks and payment service providers sometimes rely on SMS to verify the identity of a person who wishes to make a wire transfer or confirm a payment. They send an SMS message with a one-time password (OTP) to the person’s mobile phone, and the user has to enter this OTP into the application of the bank or payment service provider. In this blog post I discuss whether SMS-based authentication will… Read more


eIDAS smart card

Now that the eIDAS Regulation is in full effect, the ease of cross-border digital business is a reality in the EU. The new Regulation comes at an opportune time to make trusted communications between businesses, citizens and public authorities easier in Europe – removing the previous hurdles and fragmented legal frameworks from the Regulation’s predecessor, the EU Directive. Many people believed that the Directive mandated the use of the Qualified… Read more


eIDAS: Making Cross-border Digital Business a Reality – Today

A new e-signature Regulation in the European Union comes into effect today, July 1, 2016, which will have an immediate and positive impact on cross-border commerce across Europe. Replacing the existing EU Directive, Electronic Identification and Trust Services for Electronic Transaction (eIDAS) now uniformly recognizes all forms of e-signature – regardless of local interpretation – making it easier to do business across the continent and creating a single, digital market…. Read more


A Shift in the Wind – Securing Patient Portals

I thoroughly enjoyed my time at HIMSS16 in Las Vegas. It was great to be back, see old friends and make new ones. The landscape, as it relates to security, has certainly changed since my first HIMSS Conference in 2008. I recall walking the exhibit hall discussing multi-factor authentication and identity management only to receive blank stares or interesting comments from prospective partners and customers. I heard, “we use usernames and… Read more


On the road to trusted identities in healthcare, or just more compliance work?

On Feb 9th, the Senate health committee unanimously (22-0) approved wide-ranging legislation designed to improve health IT by modifying requirements relating to the development and use of electronic health records (EHR). Senate Bill S. 2511, “To improve Federal requirements relating to the development and use of electronic health records technology” is clearly a result of Congress’ displeasure with the lack of interoperability, data sharing and security in our healthcare system… Read more


Top 5 Security Stories in 2015

2015 was a remarkable year in the IT security area. There was never a dull moment with novel attack methods, new enemies, massive breaches of healthcare organizations and the OPM, Hacking Team’s embarrassing takedown, and cars and toys becoming targets. Hard to imagine it all fit into just 365 days and it doesn’t look like it will slow down one bit with the New Year. Below is a brief look… Read more


What does the new Directive on Payment Services (PSD2) Mean for PSPs?

On October 8th, the European Parliament adopted the revised Directive on Payment Services, also known as PSD2. This new directive, which is the long awaited successor of the first Payment Services Directive from 2007, aims to harmonize the European retail payments market, which is very much fragmented along national borders, and foster the adoption of innovative, easy-to-use and secure payment schemes. PSD2 is the latest development in a series of… Read more


The big news in the security segment this week is the newly-formed agreement that President Barack Obama has struck with Chinese President Xi Jinping. With a backdrop of U.S. threats to launch counter-attacks, the two leaders agreed to refrain from state-sponsored cyberattacks against each other that attempt to steal trade secrets or competitive business information. Sounds pretty good on the surface, but as it is with any complex agreement, you… Read more


September 22, 2015 - John Gunn
Why the Pending U.S. EMV Liability Shift Deadline is Almost Meaningless

The shift to the EMV standard in the U.S. has drawn incredible media attention for more than a year as everyone witnesses the approach of the looming liability shift deadline. But what does it really mean for merchants, consumers, and hackers? I say the answer is actually very little, and in as few words as possible, I will tell you why. EMV comes to America It’s not a well-kept secret… Read more