Blog

Banfico at FinTech Connect 2019

22 Nov 2019

Banfico will be at FinTech Connect, in London Excel, on December 3rd & 4th 2019, the UK’s largest fintech event read more ...

December 6 th 2019 Banfico Webinar - PSD2 Compliance Delivery Series

21 Nov 2019
Join us for our next Webinar on December 6 th 2019 at 12 – 1pm UK time, focusing on TPPs Directory &
Validation, eIDAS Certificates and the Modified Customer Interface – Register now (using the webform at
the end of this page) to reserve our spot and receive all relevant material. read more ...

Separation of Concerns - IAM vs API Management

30 Jun 2018
Need of IAM in PSD2

Often PSD2 Implementation is focused around API Management. Identity & Access Management (IAM) is much more critical to PSD2 Implementation. Below post justifies importance to handling IAM functionalities in such regulatory program

PSD2 regulation allows 'resource owners' (bank customers) to share their 'resource' (banking data) to 'clients' (third party providers -TPPs) subject to customers' consent. PSD2 regulation keeps customers at the heart of all changes. Identity, Verification, SCA, Access Controls, Security & Consent make PSD2 much more IAM intensive than API Management. read more ...

SMS OTP - PSD2 SCA Compliant or not?

09 Oct 2018
SMS OTP - PSD2 SCA Compliant or not?

This is probably simple topic but banks have put lot of efforts into its discussion of whether SMS/OTP is RTS-SCA compliant or not. Arguments still carries on from two perspectives - authentication element (possession) & secure channel.

For now EBA (5th Oct) has clarified that SMS does constitute as SCA (possession) feature - EBA Single Rulebook Q&A They have also quoted RTS article 22, which refers to confidentiality, integrity & security. While creating the OTP with dynamic linking is SCA compliant but transmission & delivery medium is debated read more ...