Dec 28, 2018

PSD2 Compliance for European Banks

PSD2 increases the level of user authentication required for the payment service, with the purpose of ensuring that Payment Service Providers (PSPs) can be confident in the authenticity of users.

Strong Customer Authentication

PSD2 requires PSPs to apply “Strong Customer Authentication” (SCA) in cases where an organization or consumer attempts to access their payment accounts online, initiates an electronic payment transaction or “carries out any action through a remote channel which may imply a risk of payment fraud or other abuses.”

Under PSD2, SCA must use two-factor or multi-factor authentication (*1). Authentication procedures must therefore use two or more of the following elements, categorized as knowledge, ownership, and inherence:

  • Something only the user knows, “what you know,” e.g., username and password, personal identification number (PIN)
  • Something only the user possesses, “what you have,” e.g., smart card, mobile phone
  • Something the user is, “what you are,” e.g., biometric characteristics, such as a fingerprint, face, iris, voice, behavior

Strong Customer Authentication Requirements Under PSD2

• 2FA: Mandatory two-factor user authentication, i.e., knowledge, ownership, inherence.

KOBIL Trusted Login and KOBIL Trusted Verify help meet this requirement.

• Dynamic Linking: Authentication code must be linked to the amount and payee of the single transaction or batch of transactions.

KOBIL Trusted Verify helps meet this requirement.

• Security Measures: Adoption of security measures to ensure confidentiality, authenticity, and integrity of the information displayed through all phases, including generation, transmission, and use of the authentication code.

KOBIL Trusted Login, KOBIL Trusted Verify, and KOBIL Trusted App help meet this requirement.

• Scope: Applicable to payment services provided to natural and legal persons on remote channels in the European Union.

KOBIL has been helping EU financial institutions meet strict regulatory requirements regarding information security and remote channels since 1984.
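The dynamic linking requirement listed above can be illustrated with a short sketch. This is an added example, not KOBIL's implementation or code from the original page: it assumes an HMAC-SHA256 code computed over a one-time challenge plus the amount and payee, and all function names, the 16-character truncation and the sample account values are hypothetical.

```python
import hashlib
import hmac
import secrets

def _encode(fields):
    """Length-prefix every field so ("AB", "C") and ("A", "BC") cannot collide."""
    out = b""
    for field in fields:
        raw = field.encode("utf-8")
        out += len(raw).to_bytes(4, "big") + raw
    return out

def canonical_payments(payments):
    """payments: list of (amount_minor_units, currency, payee_account).
    One entry is a single transaction, several entries are a batch."""
    fields = [str(len(payments))]
    for amount_minor, currency, payee in payments:
        if not isinstance(amount_minor, int) or amount_minor <= 0:
            raise ValueError("amount must be a positive integer in minor units")
        fields += [str(amount_minor), currency.upper(), payee.replace(" ", "").upper()]
    return _encode(fields)

def make_auth_code(key, challenge, payments):
    """Authentication code bound to a one-time challenge plus amount and payee."""
    msg = _encode([challenge.hex()]) + canonical_payments(payments)
    # Truncation to 16 hex characters is an assumption of this sketch.
    return hmac.new(key, msg, hashlib.sha256).hexdigest()[:16]

def verify_auth_code(key, challenge, payments, code):
    """Recompute over what the server will execute; compare in constant time."""
    return hmac.compare_digest(make_auth_code(key, challenge, payments), code)

if __name__ == "__main__":
    key = secrets.token_bytes(32)        # per-user key, constructed for the demo
    challenge = secrets.token_bytes(16)  # fresh per authentication attempt
    shown = [(15000, "EUR", "DE00 EXAMPLE 0001")]  # constructed payee, 150.00 EUR
    code = make_auth_code(key, challenge, shown)
    print("as approved  :", verify_auth_code(key, challenge, shown, code))
    tampered = [(15000, "EUR", "DE00 EXAMPLE 9999")]
    print("payee swapped:", verify_auth_code(key, challenge, tampered, code))
```

Because the server verifies the code against the transaction it is about to execute, a code approved for one amount and payee fails for any other, including a reordered or extended batch.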

KOBIL Digitanium Suite was designed to respond to a growing demand from financial institutions and their clients for a multi-channel digital identity, transaction signing, and trusted workflow solution. It enables strong authentication and personal signatures with an audit trail using a secure, scalable and cost-effective infrastructure.

KOBIL Digitanium Suite uses a trusted and reliable Public Key Infrastructure (PKI), KOBIL virtual smart cards, and the KOBIL Digitanium high-trust environment, and is based on common, widely used industry standards.

(*1) Two-factor authentication (2FA) uses two factors, as the name implies, and multi-factor authentication (MFA) uses two or more factors. If multi-factor authentication has only two factors, it can be called either MFA or 2FA.