How Will the Final PSD2 RTS Requirements Impact You?

On November 27, 2017, the European Commission published its final Regulatory Technical Standards (RTS) on Strong Customer Authentication (SCA) and Common and Secure Communication (CSC) under PSD2. With the release of the final PSD2 RTS requirements, banks of all sizes can now take action to develop a compliance strategy and implement effective security solutions for electronic remote payment transactions. The… Read more

Authentication for E-Signature Transactions: Forrester Recommends Flexibility

Forrester Research just published a new report on e‑signature, The State Of E-Signature Implementation: 25 E-Signature Use Cases Show Adoption Trends. In it, Forrester analyzes electronic signature implementations from a cross-section of industries, including financial services, government, food services, tourism, manufacturing, retail and more. The growing European adoption of e-signatures for document signing is clear. More than 50% of the implementations… Read more

Forrester Uncovers Trends in E-Signature Implementation

Electronic signature is a prerequisite and an important enabler for digital business. Organizations now have the tools to replace hybrid paper-digital processes with fully digital ones. However, most organizations have only begun the long journey of becoming digital businesses. This can’t be achieved without e-signatures, which keep processes 100% digital by automating straight-through processing and eliminating the need to drop… Read more

PCI DSS 3.2 Compliancy

On February 1, 2018, Requirement 8.3 of the Payment Card Industry Data Security Standard (PCI DSS 3.2) goes into effect, making multi-factor authentication mandatory for non-console access to computers and systems handling cardholder data, and remote access to the cardholder data environment (CDE). Earlier this year, the PCI Security Standards Council also issued guidance for multi-factor authentication implementations. PCI DSS… Read more

Faces of Fraud

Analysts wonder whether recent hacks like that of Equifax might serve as the tipping point for banks to rollout new anti-fraud measures, while in tandem, more than half of financial institutions surveyed lack confidence in their current ability to detect and prevent fraud. At least that’s what the 2017 Face of Fraud Survey, conducted by ISMG, experts in risk management… Read more

October 26, 2017 - Steven Murdoch, Frederik Mennes
Existing encryption's a casualty of the massive KRACK WiFi attack

The KRACK WiFi attack has exposed a major vulnerability that could impact millions of users around the world, creating a major new threat for security professionals, financial institutions, retailers and payment companies. But there are options to mitigate the risk. Read what Frederik Mennes and Steven Murdoch have to say on this important topic in an article recently contributed to Payment Source…. Read more

The Berlin Group’s NextGenPSD2 conference

Many European banks, banking associations and fintech companies are currently waiting for the Regulatory Technical Standards (RTS) on Strong Customer Authentication (SCA) and Common and Secure Communication (CSC) to be adopted by the European Commission and Parliament. These RTS define the technical requirements for the communication interfaces (APIs) that banks have to provide to Third Party Providers (TPPs) in the… Read more

sms authentication

What a difference a year makes. As related in AppDev Magazine’s recent newsletter, just one year after NIST, the National Institute of Standards and Technology issued guidance that found SMS insecure and no longer suitable as a strong authentication mechanism; it has backpedaled to reduce their previously strong statements and instead offers a new, softer recommendation. According to this article,… Read more

Bug Bounty Program

Security is of utmost importance to VASCO as is maintaining a high security bar for our products and cloud services. As such, VASCO has launched a bug bounty program to expand the security evaluation of our products beyond our walls and tap into the large pool of highly skilled ethical hackers outside our company. The bug bounty program currently consists… Read more

Earlier this year, the New York State Department of Financial Services (NYDFS) significantly increased the cybersecurity requirements for any financial services company doing business in the state. Given that New York City is the “Financial Capital of the World”, there are few organizations unaffected by the Cybersecurity Requirements for Financial Services Companies regulation. Section 500.12, requires all covered entities to use multi-factor authentication (MFA) for… Read more