Blog

Banfico Launches Open Banking Directory Service

23 Sep 2021

Banfico has launched an Open Banking Directory Service, enhancing its open banking portfolio, already being used by communities around the world. The Banfico Directory will form part of the TPP regulatory validation service being used by Account Servicing Payment Service Providers (ASPSPs) in Europe and UK. read more ...

Deadline Extension for Strong Customer Authentication

26 Jul 2021

Strong Customer Authentication (SCA) is a key part of the Second Payment Services Directive (PSD2) and a vital measure to counteract the rise in online fraud. As the new security framework for digital payments, SCA has been a long time coming – and now the implementation deadline has been extended yet again. read more ...

Confirmation of Payee: Why it should be mandatory

10 Jun 2021

The growth of online banking and payments has seen a corresponding rise in fraud. Scammers have become increasingly adept at exploiting vulnerabilities in digital transactions, and one of the most alarming trends over the past decade has been the increase in Authorized Push Payment (APP) scams. read more ...

The Benefits of Implementing CoP for Banks and Financial Institutions

12 May 2021

As financial technology improves rapidly, it brings with it increasingly sophisticated forms of fraud. Malicious actors regularly target financial firms, and over the past decade the UK has witnessed the rise of a certain form of fraud. Its name is Authorized push payment (APP) fraud, and it's a concern for both banks and customers alike. read more ...

Brexit, eIDAS Revocation and FCA changes to Open Banking identification requirements

24 Nov 2020

EBA - the European Banking Authority announced in July this year that eIDAS certificates of UK Third-Party Providers (TPP) will be revoked by 31 Dec 2020. Therefore, FCA had to intervene to limit the risk of disruption to open banking services after Brexit. FCA organized a consultation among the industry members before addressing this issue. read more ...

Brexit and eIDAS Revocation

17 Aug 2020

The eIDAS Regulation is Regulation (EU) 910/2014 on electronic identification and trust services for electronic transactions in the internal market. The Regulation applies from 1 July 2016 for the most part of its articles. read more ...

Banfico at FinTech Connect 2019

22 Nov 2019

Banfico will be at FinTech Connect, in London Excel, on December 3rd & 4th 2019, the UK’s largest fintech event read more ...

December 6 th 2019 Banfico Webinar - PSD2 Compliance Delivery Series

21 Nov 2019
Join us for our next Webinar on December 6 th 2019 at 12 – 1pm UK time, focusing on TPPs Directory &
Validation, eIDAS Certificates and the Modified Customer Interface – Register now (using the webform at
the end of this page) to reserve our spot and receive all relevant material. read more ...

Separation of Concerns - IAM vs API Management

30 Jun 2018
Need of IAM in PSD2

Often PSD2 Implementation is focused around API Management. Identity & Access Management (IAM) is much more critical to PSD2 Implementation. Below post justifies importance to handling IAM functionalities in such regulatory program

PSD2 regulation allows 'resource owners' (bank customers) to share their 'resource' (banking data) to 'clients' (third party providers -TPPs) subject to customers' consent. PSD2 regulation keeps customers at the heart of all changes. Identity, Verification, SCA, Access Controls, Security & Consent make PSD2 much more IAM intensive than API Management. read more ...

SMS OTP - PSD2 SCA Compliant or not?

09 Oct 2018
SMS OTP - PSD2 SCA Compliant or not?

This is probably simple topic but banks have put lot of efforts into its discussion of whether SMS/OTP is RTS-SCA compliant or not. Arguments still carries on from two perspectives - authentication element (possession) & secure channel.

For now EBA (5th Oct) has clarified that SMS does constitute as SCA (possession) feature - EBA Single Rulebook Q&A They have also quoted RTS article 22, which refers to confidentiality, integrity & security. While creating the OTP with dynamic linking is SCA compliant but transmission & delivery medium is debated read more ...