Finance Digest is a leading online platform for finance and business news, providing insights on banking, finance, technology, investing, trading, insurance, fintech, and more.


By Brian Spector, CEO at MIRACL

The European payments market is on the cusp of a radical change. Due to come into effect in January 2018, the revised Payment Services Directive, PSD2, is a centralised attempt by the European Parliament to, among other things, make online payments safer for businesses and individuals, by clearly specifying liability and authentication rules. But rather than being just a swathe of red tape, the directive is a much-needed attempt to prevent our entire banking system from being exploited by hackers. In this article we’ll outline some of the key features of the Directive, and explain why it will benefit both the financial services industry and its customers.

As the payments market has become more open, with a plethora of third parties now sitting between banks and their customers, it has become essential to accurately verify the identities of people accessing the data and systems involved. The PSD2 regulations specify that each payment provider is required to have strong authentication processes in place, whether they are the main service providers or one of the new third party organisations. PSD2 also states that for authentication to be seen as ‘strong’, it must not be replicable. This will prevent fraudsters from simply copying authentication data to get a successful payment. This is positive news for everyone involved in the payments process, and for the first time sets common standards on how banks can verify their customers’ identities.

So why is this needed? Cybercrime is already a huge problem for the banking sector, with several high-profile attacks reaping significant rewards for hackers. For example, in 2010, attackers stole £44 million in an international operation involving the Zeus Trojan, a computer virus that captured passwords and account details. But as hacking tools become more advanced, these threats will evolve into a new generation of attacks that may worsen the already questionable security currently being used. While banks have long prioritised being as user-friendly as possible, the security risks have escalated.

Many banks store user credentials, such as username and password, in whole form and in one central place, leaving them vulnerable to being compromised at source or stolen in transit while being sent over the Internet. Besides the well-known hacking tools, such as malware and Trojans, there is an increasing trend for attackers to use browser rootkit attacks to enable fraudulent transactions. These are malicious programs that run at the administrative level, usually operating as an extension to a web browser. They are fully automated and capable of performing fraudulent transactions and covering their traces at the same time. In an online banking transaction, all the information displayed on a customer’s PC, including account numbers, name, balance and transaction details, can be leaked by a browser rootkit and sent to an attacker, who can use this information to physically target users through identity theft techniques.

While many banks also offer additional security features such as two-factor authentication, or authentication via SMS text message, this kind of security no longer provides much of an obstacle to attackers. Two-factor authentication doesn’t protect against browser rootkit attacks, and in addition, hackers can easily hijack phone numbers or intercept text messages, so this kind of authentication is becoming increasingly redundant. This reality led the US government agency responsible for establishing digital security guidelines, the National Institute of Standards and Technology (NIST), to announce that it would no longer be recommending the practice of SMS-based authentication.

As a result of these factors, the PSD2 guidelines require each payment initiation service provider to have strong customer authentication processes in place, by establishing: something a user knows (such as a PIN number or username); something they have (such as a token); and something they are (such as biometric authentication). This is good news for all concerned because it will reform the payments industry and encourage new technologies and innovations that will help to keep users more secure, while keeping the end-user experience simple and straightforward.

In the last few weeks, Mastercard and Lloyds have announced that they are testing a range of new authentication methods, such as ‘selfie pay’ facial identification, and it’s exciting to see what other types of authentication will soon become more mainstream. The truth is, real digital security requires the complete elimination of centralised security systems. For example, MIRACL’s zero-factor authentication allows customers to authenticate using a secure app on their mobile device, like an ATM machine, rather than a username and password, and never sends authentication credentials across the web for storage in the cloud.

By regulating new Payment Institutions, the Directive will also accelerate competition across the industry, helping to drive innovation and develop new methods which will make the entire payments industry a safer place for all concerned.
