The European Banking Authority (EBA) has decided to enforce new and stronger security requirements of internet payments, effective from August 2015 ref: https://www.eba.europa.eu/-/eba-issues-guidelines-to-strengthen-requirements-for-the-security-of-internet-payments-across-the–1
The strong authentication requirements defined within the ‘SecuRe Pay’ framework creates the new rules of liability for all payment service providers –PSP – throughout EU/EEA, quotation:
“PSPs with no or only weak authentication procedures cannot, in the event of a disputed transaction, provide proof that the customer has authorized the transaction.”
The definition of Strong Authentication is as follows:
“Strong customer authentication is a procedure based on the use of two or more of the following elements – categorized as knowledge, ownership and inherence: i) something only the user knows, e.g. static password, code, personal identification number; ii) something only the user possesses, e.g. token, smart card, mobile phone; iii) something the user is, e.g. biometric characteristic, such as a fingerprint. In addition, the elements selected must be mutually independent, i.e. the breach of one does not compromise the other(s). At least one of the elements should be non-reusable and non-replicable (except for inherence), and not capable of being surreptitiously stolen via the internet. The strong authentication procedure should be designed in such a way as to protect the confidentiality of the authentication data.”
About Protectoria Solution for Payment Service Providers
For many years it has been considered within security communities that only a few technological candidates, such as closed and separately crafted hardware, based on Trusted Platform Modules and PKI, could meet such strong authentication as the EBA now requires. Protectoria has, through a long term strategy on R&D for a coming high security market, without negatively affecting the usability and scaling, found an another approach. And that is done through a self-contained, by default and transparent, application based secure virtual environment. The solution is easily running in tandem with other software solutions, introducing no impact on existing investments, e.g. current mobile banking applications.
The Protectoria Mobile Security Platform is a patent pending, future-proof business enabling innovation with the ability for PSPs to even create and deliver next generation Payment Services Directive IIcompliant services. Everything over one device – the convenient smartphone, only.
Protectoria will launch this innovation as a commercially available platform later this year. Stay tuned !
So what does the innovation really mean for PSPs, businesses and users?
Payment service providers may through Protectoria’s innovative and disruptive technical capabilities with high smartphone security put the entire bank branch into the pockets of its users.
This creates new business opportunities for payment service providers with an outperforming competitive edge. Attractive, new and higher service levels, including excellent user experience combined with suitable risk and liability models for the future, are now within range for the providers, businesses and users.
By meeting the need for high mobile security (ref the OWASP cyber threats on mobile applications) and compliance, innovative banks and other payment providers may realize great business benefits from a wider spectrum. -All from convenient, value-added and more competitive services to new and extremely efficient delivery chains.
Our solution removes all friction and paves the way for the next generation digital banking.