Prepare for PSD2: Understanding the Opportunities and Digital Risks

It never fails. A new transaction channel opens, and we start seeing fraud take hold and grow there. It’s already happened with mobile; as the channel has grown, so has the incidence of fraud. According to RSA’s Quarterly Fraud Report, mobile browser and mobile web applications accounted for 56 percent of global transactions among RSA customers, and the incidence of mobile fraud reached 71 percent. Extending that trend into the future, it’s reasonable to anticipate that as third-party channels enabled by the revised (EU) Payment Services Directive (PSD2) take a growing share of banking transactions, we’ll see fraud increasing in that channel as well.

PSD2 includes four technical requirements aimed at strengthening the security capabilities of banks that share data with third-party providers in accordance with the directive. These Regulatory Technical Standards (RTS) require strong authentication for transactions, anti-malware capabilities and secure APIs. Here’s a summary of the requirements and how technology can help meet them. (Note: All the requirements apply to banks; some may also apply to third-party providers, depending on what role the third party plays.)

1. Strong Customer Authentication
Achieving strong customer authentication means going beyond traditional username/password authentication to authenticate based on additional factors such as biometric authentication (fingerprint or facial recognition, for example), mobile push-to-approve, SMS, OTP and tokens. To address PSD2’s SCA requirements, a bank will need an authentication solution that supports a variety of strong authenticators like these, and also performs transactional risk analysis by evaluating user behavior, device

*** This is a Security Bloggers Network syndicated blog from RSA Blog authored by Heidi Bleau. Read the original post at: