Join Finextra, OneSpan and Industry experts for our on demand webinar as we discuss how to create a secure execution environment for mobile apps and what authentication models are best for banks and TPPs and how to comply with the technical requirements of PSD2.
The conversation around PSD2 has become more specific of late, banks and Third-Party Providers (TPPs) are getting to grips with implementing systems for compliance with the updated payments regulation, having had a period of time to make inroads into implementation.
The initial jostling was around the Regulatory Technical Standards (RTS), but practicable issues around multi-channel transaction monitoring and dynamic linking are coming to the fore. Ultimately it is about securing transactions, and it is a complicated minefield. Dynamic linking connects the payment transaction code to the amount and the payee and was introduced as part of RTS to counter man-in-the-middle attacks, which hijack transactions to alter the value and recipient.
Wherein lies the greatest danger, is it in the open APIs? What is the best authentication model for interacting with TPPs and maintaining independence of elements- is it redirection, embedding, decoupling?
Particularly on the mobile channel, it is difficult to offer wholesale security in combination with fast and convenient customer experience. For online banking, could authentication be carried out via SMS or QR code, and is biometric authentication the way to go about it?
Join Finextra and OneSpan as we discuss creating a secure execution environment for mobile apps and what authentication models are best for banks and TPPs.
- Frederik Mennes, Senior Manager Market & Security Strategy, OneSpan
- Lana Abdullayeva, Director, Open Banking and PSD2, Lloyds Banking Group
- Hetal Popat, Programme Director and Head, Open Banking and PSD2, HSBC UK
- Marijke Koninckx, Product Officer, BankiFi
- Anna Milne, Editor, Finextra