Earlier this year, the New York State Department of Financial Services (NYDFS) significantly increased the cybersecurity requirements for any financial services company doing business in the state. Given that New York City is the “Financial Capital of the World”, there are few organizations unaffected by the Cybersecurity Requirements for Financial Services Companies regulation. Section 500.12 requires all covered entities to use multi-factor authentication (MFA) for…


Blockchain is one of the more exciting – and often misunderstood – emerging technologies. It essentially offers the ability to record and track transactions in a decentralized database (often referred to as a “ledger”). When a transaction occurs, everyone who has permission on the network knows about it. It’s tamper-proof and everything happens in real-time. This has disruptive implications for…

ENISA Report

A recently published study from ENISA, the European Union Agency for Network and Information Security, which advises member states and private sector organizations in implementing EU legislation, provides guidelines on how to take the appropriate measures to comply with the General Data Protection Regulation (GDPR). ENISA’s recommendation includes two-factor authentication and mobile application security as technical measures in high-risk…

Behavioral Biometrics: Improving Security and the Customer Experience

Before the Internet, customers who wanted to transact with their bank had only one option – a visit to their local branch for a face-to-face transaction. Now, in the mobile age, customers expect their banks to provide secure and easy access to the full suite of banking services via their mobile device.

New channel, new challenges

This demand for mobile…

Android Malware

One of the key security issues facing organizations that support Android devices is the risk of rooting malware. A number of malware families on the Android mobile OS attempt to obtain root access once installed because the elevated privileges gained come in handy to perform malicious activities. There is, however, a way to detect rooting and protect your organization and…

Security of Internet Payments: Legislative Developments in Europe

In the ongoing discussion on PSD2, in late June the European Banking Authority (EBA) published its opinion on the European Commission’s proposed amendments to the PSD2 draft Regulatory Technical Standards (RTS) on Strong Customer Authentication and Common and Secure Communication. Below, we’ve included a simplified version of the debate about the amendments to help you navigate PSD2. The EBA’s opinions…

July 6, 2017 - Guest Blogger Lars Birkeland, Marketing Director of Promon
PSD2 Creates Opportunities for Payment Providers but also Vulnerabilities to Mobile Users

Customers of the British retail bank Tesco Bank awoke in early 2017 to find their bank accounts drained of funds. The recent Tesco Bank hack has left the retail banking world reeling, searching for answers and more effective ways to secure themselves against future attacks. It has been revealed that weaknesses in the bank’s mobile applications left the door open for cybercriminals to brute…

EBA Eases Strong Customer Authentication Requirements under PSD2

On 23 February the European Banking Authority (EBA) proposed its final draft Regulatory Technical Standards (RTS) on Strong Customer Authentication and Common and Secure Communication (CSC) under PSD2 to the European Commission (EC). On 24 May the Commission sent a letter to the EBA, stating its intent to amend the final draft RTS. The EBA published this letter as well…

Recent data breaches and malware phishing attacks have unfortunately become the “new norm” in today’s digital world. Cybercriminals target Internet users of all stripes to gain access to online accounts associated with an email address, such as online banking. A consumer alert from the IRS reported a 400% increase in online phishing and malware attacks during the 2016 U.S. tax…


What initially looked like an attack against England’s National Health Service (NHS), forcing hospitals to turn away patients on May 12, 2017, has turned out to be the largest coordinated cyberattack ever seen. Cybersecurity professionals around the world are discovering that the WannaCry ransomware indiscriminately targets all industries everywhere. After only 3 days, the estimated number of victims is over…