PSD2: Creating a Secure Execution Environment for Mobile Banking Apps

PSD2: Creating a Secure Execution Environment for Mobile Banking Apps

The following article, authored by Frederik Mennes, Senior Manager Market & Security Strategy at the OneSpan Security Competence Center, first appeared 06/2018 in German on IT Finanzmagazin. The revised Payment Services Directive, also known as PSD2, pays a lot of attention to the security of mobile banking apps, mobile payment ... Read More
Open Banking APIs under PSD2: How to Mitigate Risk

Open Banking APIs under PSD2: How to Mitigate Risk

This blog was inspired by an article by Frederik Mennes that first appeared on Techzine. In recent years, open banking has received a lot of attention in the financial services sector. Open banking means that banks open their systems to authorized third-party financial service providers, so these companies can initiate ... Read More
PSD2: How to Perform Dynamic Linking in a Compliant, Convenient Way

PSD2: How to Perform Dynamic Linking in a Compliant, Convenient Way

One of the most discussed requirements of the final Regulatory Technical Standards (RTS) on Strong Customer Authentication (SCA) and Common and Secure Communication (CSC) under PSD2 is the requirement to perform so-called “dynamic linking” to authenticate a financial transaction. The dynamic linking requirement has three parts. First, it requires a ... Read More
The Berlin Group’s NextGenPSD2 conference

PSD2: Commission Provides Long-Awaited Update on RTS and Screen-Scraping

Many European banks, banking associations and fintech companies are currently waiting for the Regulatory Technical Standards (RTS) on Strong Customer Authentication (SCA) and Common and Secure Communication (CSC) to be adopted by the European Commission and Parliament. These RTS define the technical requirements for the communication interfaces (APIs) that banks ... Read More
Bug Bounty Program

Calling all Ethical Hackers! VASCO Launches Bug Bounty Program

Security is of utmost importance to VASCO as is maintaining a high security bar for our products and cloud services. As such, VASCO has launched a bug bounty program to expand the security evaluation of our products beyond our walls and tap into the large pool of highly skilled ethical ... Read More
Android Malware

How to Stop the Menace of Android Rooting Malware Attacks with RASP

One of the key security issues facing organizations that support Android devices is the risk of rooting malware. A number of malware families on the Android mobile OS attempt to obtain root access once installed because the elevated privileges gained come in handy to perform malicious activities. There is, however, ... Read More
Security of Internet Payments: Legislative Developments in Europe

PSD2: Simplifying the Debate on the Regulatory Technical Standards for Strong Customer Authentication

In the ongoing discussion on PSD2, in late June the European Banking Authority (EBA) published its opinion on the European Commission’s proposed amendments to the PSD2 draft Regulatory Technical Standards (RTS) on Strong Customer Authentication and Common and Secure Communication. Below, we’ve included a simplified version of the debate about ... Read More
EBA Eases Strong Customer Authentication Requirements under PSD2

PSD2: European Commission proposes amendments to final draft RTS on Strong Customer Authentication

On 23 February the European Banking Authority (EBA) proposed its final draft Regulatory Technical Standards (RTS) on Strong Customer Authentication and Common and Secure Communication (CSC) under PSD2 to the European Commission (EC). On 24 May the Commission sent a letter to the EBA, stating its intent to amend the ... Read More
Protecting against the BankBot Android banking malware using RASP

Protecting against the BankBot Android banking malware using RASP

Earlier this month the Dutch company Securify came across a new sample of the BankBot Android mobile banking malware. While older samples of BankBot mainly targeted Russian financial institutions, the latest sample shows that BankBot now targets European and American banks as well. More specifically BankBot now targets over 420 ... Read More
EBA Eases Strong Customer Authentication Requirements under PSD2

EBA Eases Strong Customer Authentication Requirements under PSD2

On Thursday 23 February, the European Banking Authority (EBA) published its long-awaited final draft Regulatory Technical Standards (RTS) on Strong Customer Authentication (SCA) and Common and Secure Communication (CSC) under the revised Payment Services Directive (PSD2). In general the EBA has relaxed its requirements compared to the RTS in the ... Read More
Loading...