Strong customer authentication for PSD2 and GDPR


The year 2018 is finally here and brings with itself the much awaited privacy and data security regulation frameworks- Payment Services Directive 2 (PSD2) and General Data Protection Regulation (GDPR). PSD2 comes into force on January 13, 2018 and GDPR a short five months later on May 25, 2018. Europe. Driven by the European Commission, both these regulatory frameworks are expected to have far reaching implications for businesses around the globe around how they manage consumer data while enhancing security and data protection.

GDPR implications

The GDPR directive strengthens data protection for individuals and provides them with enhanced control over their personal data. The regulations are applicable not only to EU businesses but also to businesses outside EU if they’re processing personal data of EU residents for providing goods or services or those monitoring behaviour of individuals in the EU. Overall, GDPR provides a number of rights to the end customer related to consent, data access, portability and erasure and expands the responsibilities and liabilities of businesses in terms of compliance.

PSD2 implications

The PSD2 directive on the other hand aims to create a level playing field for all payment service providers, while enhancing security and customer protection. The PSD2 directive on the other hand aims to create a level playing field for all payment service providers, while enhancing security and customer protection. It also ensures that banks provide access to third party providers (TPPs) direct access to customer account data through open application programming interfaces (APIs), thereby opening up the financial services sector for competition.

Strong customer authentication (SCA) under PSD2

PSD2 also aims to improve security and reduce fraud rates in payments and mandates the use of strong customer authentication (SCA) or two factor authentication (2FA) in a very wide range of scenarios. The current strong customer authentication (SCA) technologies while add a layer of protection to the authentication process add friction to customer experience. These conventional technologies involve using SMS One time password (OTP), hardware tokens and mobile authenticator apps to provide the second factor thereby leading to friction and inconvenience at the user end. 

PSD2 while reducing fraud will likely impact the speed and convenience of online payments. 

AppsPicket solution for Strong customer authentication (SCA)

AppsPicket offers an entirely new paradigm in strong customer authentication (SCA). Our technology utilises a sophisticated cryptographic protocol that checks the user device and password/biometric in unison to authenticate the user. The one step two factor authentication implies frictionless user experience and significantly better transaction conversion rates. The user just provide the first factor (password or biometrics) and our API derives a cryptographic key from the password/biometric and the user device. It then executes a 3-round challenge response public key based authentication protocol with the remote authentication server. 

Our protocol ensures that the private keys are generated dynamically to authenticate users and do not need to be stored anywhere.At the same time only public keys are stored at the server end eliminating the risk of password or biometric data breach.

If you’re a payment provider in the EU market and trying to figure out how to comply with the upcoming regulations without affecting your customers, do get in touch with us.

0 replies

Leave a Reply

Want to join the discussion?
Feel free to contribute!

Leave a Reply

Your email address will not be published. Required fields are marked *