PSD2: Creating a Secure Execution Environment for Mobile Banking Apps

The following article, authored by Frederik Mennes, Senior Manager Market & Security Strategy at the OneSpan Security Competence Center, first appeared 06/2018 in German on IT Finanzmagazin. The revised Payment Services Directive, also known as PSD2, pays a lot of attention to the security of mobile banking apps, mobile payment apps, mobile wallets, and other apps that offer payment functionality…. Read more


Online Banking

This blog was inspired by an article by Frederik Mennes that first appeared on Techzine. In recent years, open banking has received a lot of attention in the financial services sector. Open banking means that banks open their systems to authorized third-party financial service providers, so these companies can initiate and process payments and financial transactions at the request of… Read more


Frederik Mennes

One of the most discussed requirements of the final Regulatory Technical Standards (RTS) on Strong Customer Authentication (SCA) and Common and Secure Communication (CSC) under PSD2 is the requirement to perform so-called “dynamic linking” to authenticate a financial transaction. The dynamic linking requirement has three parts. First, it requires a payer to authenticate a financial transaction by calculating an authentication… Read more


PSD2: How the Final RTS Requirements Will Impact You - Update

On November 27, 2017, the European Commission published its final Regulatory Technical Standards (RTS) on Strong Customer Authentication (SCA) and Common and Secure Communication (CSC) under PSD2. With the release of the final PSD2 RTS requirements, banks of all sizes can now take action to develop a compliance strategy and implement effective security solutions for electronic remote payment transactions. The Revised… Read more


How Will the Final PSD2 RTS Requirements Impact You?

On November 27, 2017, the European Commission published its final Regulatory Technical Standards (RTS) on Strong Customer Authentication (SCA) and Common and Secure Communication (CSC) under PSD2. With the release of the final PSD2 RTS requirements, banks of all sizes can now take action to develop a compliance strategy and implement effective security solutions for electronic remote payment transactions. The… Read more


The Berlin Group’s NextGenPSD2 conference

Many European banks, banking associations and fintech companies are currently waiting for the Regulatory Technical Standards (RTS) on Strong Customer Authentication (SCA) and Common and Secure Communication (CSC) to be adopted by the European Commission and Parliament. These RTS define the technical requirements for the communication interfaces (APIs) that banks have to provide to Third Party Providers (TPPs) in the… Read more


Security of Internet Payments: Legislative Developments in Europe

In the ongoing discussion on PSD2, in late June the European Banking Authority (EBA) published its opinion on the European Commission’s proposed amendments to the PSD2 draft Regulatory Technical Standards (RTS) on Strong Customer Authentication and Common and Secure Communication. Below, we’ve included a simplified version of the debate about the amendments to help you navigate PSD2. The EBA’s opinions… Read more


July 6, 2017 - Guest Blogger Lars Birkeland, Marketing Director of Promon
PSD2 Creates Opportunities for Payment Providers but also Vulnerabilities to Mobile Users

Customers of the British retail bank Tesco Bank awoke in early 2017 to find their bank accounts drained of funds. The recent Tesco Bank hack has left the retail banking world reeling, searching for answers and more effective ways to secure themselves against future attacks. It has been revealed weaknesses in the bank’s mobile applications left the door open for cybercriminals to brute… Read more


EBA Eases Strong Customer Authentication Requirements under PSD2

On 23 February the European Banking Authority (EBA) proposed its final draft Regulatory Technical Standards (RTS) on Strong Customer Authentication and Common and Secure Communication (CSC) under PSD2 to the European Commission (EC). On 24 May the Commission sent a letter to the EBA, stating its intent to amend the final draft RTS. The EBA published this letter as well… Read more


EBA Eases Strong Customer Authentication Requirements under PSD2

On Thursday 23 February, the European Banking Authority (EBA) published its long-awaited final draft Regulatory Technical Standards (RTS) on Strong Customer Authentication (SCA) and Common and Secure Communication (CSC) under the revised Payment Services Directive (PSD2). In general the EBA has relaxed its requirements compared to the RTS in the EBA’s Consultation Paper from August 2016. Here are the most… Read more