PSD2: Commission Provides Long-Awaited Update on RTS and Screen-Scraping

Many European banks, banking associations and fintech companies are currently waiting for the Regulatory Technical Standards (RTS) on Strong Customer Authentication (SCA) and Common and Secure Communication (CSC) to be adopted by the European Commission and Parliament. These RTS define the technical requirements for the communication interfaces (APIs) that banks have to provide to Third Party Providers (TPPs) in the future, and specify how banks have to authenticate users when... Read more The post PSD2: Commission Provides Long-Awaited Update on RTS and Screen-Scraping appeared first on VASCO Data Security - Blog.
Read more

Calling all Ethical Hackers! VASCO Launches Bug Bounty Program

Security is of utmost importance to VASCO as is maintaining a high security bar for our products and cloud services. As such, VASCO has launched a bug bounty program to expand the security evaluation of our products beyond our walls and tap into the large pool of highly skilled ethical hackers outside our company. The bug bounty program currently consists of two projects. The server-side project covers VASCO’s IDENTIKEY Authentication... Read more The post Calling all Ethical Hackers! VASCO Launches Bug Bounty Program appeared first on VASCO Data Security - Blog.
Read more

How to Stop the Menace of Android Rooting Malware Attacks with RASP

One of the key security issues facing organizations that support Android devices is the risk of rooting malware. A number of malware families on the Android mobile OS attempt to obtain root access once installed because the elevated privileges gained come in handy to perform malicious activities. There is, however, a way to detect rooting and protect your organization and mobile application users from malicious attacks – Runtime Application Self-Protection... Read more The post How to Stop the Menace of Android Rooting Malware Attacks with RASP appeared first on VASCO Data Security - Blog.
Read more

PSD2: Simplifying the Debate on the Regulatory Technical Standards for Strong Customer Authentication

In the ongoing discussion on PSD2, in late June the European Banking Authority (EBA) published its opinion on the European Commission’s proposed amendments to the PSD2 draft Regulatory Technical Standards (RTS) on Strong Customer Authentication and Common and Secure Communication. Below, we’ve included a simplified version of the debate about the amendments to help you navigate PSD2. The EBA’s opinions on the four amendments proposed by the Commission are as... Read more The post PSD2: Simplifying the Debate on the Regulatory Technical Standards for Strong Customer Authentication appeared first on VASCO Data Security - Blog.
Read more

PSD2: European Commission proposes amendments to final draft RTS on Strong Customer Authentication

On 23 February the European Banking Authority (EBA) proposed its final draft Regulatory Technical Standards (RTS) on Strong Customer Authentication and Common and Secure Communication (CSC) under PSD2 to the European Commission (EC). On 24 May the Commission sent a letter to the EBA, stating its intent to amend the final draft RTS. The EBA published this letter as well as the amended RTS on its website. The Commission proposes... Read more The post PSD2: European Commission proposes amendments to final draft RTS on Strong Customer Authentication appeared first on VASCO Data Security - Blog.
Read more

Protecting against the BankBot Android banking malware using RASP

Earlier this month the Dutch company Securify came across a new sample of the BankBot Android mobile banking malware. While older samples of BankBot mainly targeted Russian financial institutions, the latest sample shows that BankBot now targets European and American banks as well. More specifically BankBot now targets over 420 leading banks in countries such as Germany, France, Austria, the Netherlands, Turkey and the United States. VASCO’s Threat Research analysts... Read more The post Protecting against the BankBot Android banking malware using RASP appeared first on VASCO Data Security - Blog.
Read more

EBA Eases Strong Customer Authentication Requirements under PSD2

On Thursday 23 February, the European Banking Authority (EBA) published its long-awaited final draft Regulatory Technical Standards (RTS) on Strong Customer Authentication (SCA) and Common and Secure Communication (CSC) under the revised Payment Services Directive (PSD2). In general the EBA has relaxed its requirements compared to the RTS in the EBA’s Consultation Paper from August 2016. Here are the most important changes: Transaction risk analysis. The final draft RTS introduces... Read more The post EBA Eases Strong Customer Authentication Requirements under PSD2 appeared first on VASCO Data Security - Blog.
Read more

PSD2: Is this the End of SMS-based Authentication?

Banks and payment service providers sometimes rely on SMS to verify the identity of a person who wishes to make a wire transfer or confirm a payment. They send an SMS message with a one-time password (OTP) to the person’s mobile phone, and the user has to enter this OTP into the application of the bank or payment service provider. In this blog post I discuss whether SMS-based authentication will... Read more The post PSD2: Is this the End of SMS-based Authentication? appeared first on VASCO Data Security - Blog.
Read more