Secure payment services
Enhancing payment services security based on PSD2
CIONET is the largest CIO/CTO community (with more than 6500 members) focused on innovation and information technology. The purpose of this challenge is to leave the imagination and creativity open to all participants, and to present a solution that goes beyond the other categories/challenges but is nevertheless pioneering, impactful and adds value to the financial landscape.
This challenge focuses on the use of ‘strong customer authentication’: proposing the requirement that (at a minimum) what is known by many as two factor authentication (“2FA”) is carried out for remote / online / electronic payment transactions.
The Open Bank Project PSD2 sandbox demonstrates a PSD2 API solution. The API provides a secure avenue that allows bank account holders to access their banking data and services via approved third party applications, following the consent of both the bank and the customer. Use this sandbox to explore our PSD2 API catalogue, test an example API powered application and register for a developer key so you can start building your own applications.
Secure payments based on PSD2 outcomes, specially 2FA, the establishment of security frameworks to assess and report on operational matters expressly including security issues. Security incident reporting: both to regulators and customers. Mandatory security assessment reporting to regulators: on security measures and their effectiveness.
Some examples are:
- New algorithms (for information exchange, fraud prediction, etc.);
- New intermediary technologies (middleware, APIs) to increase security;
- Secure Registries and distributed ledger applications;
- New forms of hardware that increase security (e.g. wearables, biometrics).
This challenge provides an opportunity to demonstrate new security functionalities which increase the confidence of the end user and the financial ecosystem, and help people get better understanding of the benefits of such functionalities:
- Improves the accuracy of transaction status and information online;
- Make people feel safer online; and/or make people more aware of how their transaction is being processed and where there are vulnerabilities;
- Improve awareness of online misinformation to prevent fraud.