As discussed in a previous blog, the European Banking Authority (EBA) has released the final draft of its technical guidance for PSD2. Articles 4 and 25 of said guidance include mandates for the security of the customer authentication process.
One of the key elements of the authentication mandate is the requirement to use advanced security technology to safeguard all client-to-server communications against interception, in other words, to protect against Man-in-the-Middle (MitM) attacks.
The European Banking Authority has released the final draft of its Regulatory Technical Standards on authentication and secure communication for PSD2. As a follow-up to my original blog, I’m back with my analysis of the effect their final guidance may have on the consumer experience.
The impact of global cybercrime is shocking: 38.5% of firms have experienced a cyberattack in the past 12 months and 21% of cyberattacks result in costs exceeding €5M. Financial services is arguably the industry most targeted by hackers. As such, these numbers will likely skyrocket as the industry undergoes disruption.
It’s 2017 and, ready or not, the payments & banking industry is facing disruption. But what does that mean for your company’s cyber security? We hope to unravel that for you in the Irdeto payments & banking security blog we’re launching today.
For years, Irdeto has helped companies in the media industry solve a lot of the same kinds of security problems you’ll be facing as you navigate a disrupted payments & banking landscape. This experience has provided us with a unique perspective
Picture Bob. He thinks he’s figured out how to avoid paying for cable TV by watching programs streamed from pirate websites. One day, he’s watching a live football broadcast and ten minutes into the game, he loses all access. His screen goes blank. Is ruining the user experience on pirated sites a new combat strategy?
Seeing it differently
Degrading user experience may not be the first thing that comes to mind when considering how to combat cybercrime.
A lot has been written about PSD2 and its impact. The hope is it will allow 3rd parties (Account Information Service and Payment Initiation Service Providers) to access consumers’ transactional data. By combining it with existing contextual data, interesting new services can be built. But success requires a good consumer experience.
There are some really interesting (possibly unintended) consequences being introduced…
The EU Payment Service Directive (PSD2) aims to enhance consumer security, increase competition and create a single EU-wide market for payments. No doubt this market-disruptive initiative opens the door for innovation. But will PSD2 inadvertently introduce more vulnerabilities for cybercriminals to exploit?
Achieving its aims hinges on the banks sharing their customer data with anyone who holds the required license. This third-party access to accounts (XS2A) ensures that banks cannot block the move to a new payment services market.