23 Sep 2021
Banfico has launched an Open Banking Directory Service, enhancing its open banking portfolio, already being used by communities around the world. The Banfico Directory will form part of the TPP regulatory validation service being used by Account Servicing Payment Service Providers (ASPSPs) in Europe and UK.
26 Jul 2021
Strong Customer Authentication (SCA) is a key part of the Second Payment Services Directive (PSD2) and a vital measure to counteract the rise in online fraud. As the new security framework for digital payments, SCA has been a long time coming – and now the implementation deadline has been extended yet again.
10 Jun 2021
The growth of online banking and payments has seen a corresponding rise in fraud. Scammers have become increasingly adept at exploiting vulnerabilities in digital transactions, and one of the most alarming trends over the past decade has been the increase in Authorized Push Payment (APP) scams.
12 May 2021
As financial technology improves rapidly, it brings with it increasingly sophisticated forms of fraud. Malicious actors regularly target financial firms, and over the past decade the UK has witnessed the rise of a certain form of fraud. Its name is Authorized push payment (APP) fraud, and it's a concern for both banks and customers alike.
24 Nov 2020
EBA - the European Banking Authority announced in July this year that eIDAS certificates of UK Third-Party Providers (TPP) will be revoked by 31 Dec 2020. Therefore, FCA had to intervene to limit the risk of disruption to open banking services after Brexit. FCA organized a consultation among the industry members before addressing this issue.
17 Aug 2020
The eIDAS Regulation is Regulation (EU) 910/2014 on electronic identification and trust services for electronic transactions in the internal market. The Regulation applies from 1 July 2016 for the most part of its articles.
22 Nov 2019
21 Nov 2019
Join us for our next Webinar on December 6 th 2019 at 12 – 1pm UK time, focusing on TPPs Directory &
Validation, eIDAS Certificates and the Modified Customer Interface – Register now (using the webform at
the end of this page) to reserve our spot and receive all relevant material.
Often PSD2 Implementation is focused around API Management. Identity & Access Management (IAM) is much more critical to PSD2 Implementation. Below post justifies importance to handling IAM functionalities in such regulatory program
PSD2 regulation allows 'resource owners' (bank customers) to share their 'resource' (banking data) to 'clients' (third party providers -TPPs) subject to customers' consent. PSD2 regulation keeps customers at the heart of all changes. Identity, Verification, SCA, Access Controls, Security & Consent make PSD2 much more IAM intensive than API Management.
This is probably simple topic but banks have put lot of efforts into its discussion of whether SMS/OTP is RTS-SCA compliant or not. Arguments still carries on from two perspectives - authentication element (possession) & secure channel.
For now EBA (5th Oct) has clarified that SMS does constitute as SCA (possession) feature - They have also quoted RTS article 22, which refers to confidentiality, integrity & security. While creating the OTP with dynamic linking is SCA compliant but transmission & delivery medium is debated