- One of the key changes that the Revised Payment Service Directive (PSD2) brings is the introduction of new players: third-party Payment Service Providers (PSPs), such as Account Information Service Providers (AISPs) and Payment Initiation Service Providers (PISPs). This will bring more choices for end users. For banks, this is a new challenge: to keep their users (or even attract more), they must provide customers with solutions that are not only secure and PSD2 compliant but also easy to use.
As the world’s leading supplier and provider of digital security solutions, FEITIAN provides identification solutions to many of the world's leading banks and can help banks achieve PSD2 compliance.
PSD2 Compliance with FEITIAN
- To achieve PSD2 compliance, the two requirements below must be fulfilled:
Strong Customer Authentication
- One of the key security requirements for PSD2 compliance is the adoption of SCA for all electronic transactions. Under PSD2, two-factor authentication (2FA) will become mandatory: the identification result must be based on two (or more) independent factors out of three (a. something you have, such as tokens or mobile devices; b. something you know, such as your PIN; and c. something you are, such as a fingerprint, iris, etc.).
FEITIAN's identification solutions give banks multiple options to adopt for 2FA, including hardware authenticators (such as OTP tokens, OTP display cards, PKI key fobs, FIDO U2F and FIDO2 security keys) and mobile authenticators (mobile OTP).
- Dynamic Linking is a new concept introduced by the RTS: for payment transactions, the authentication code must be dynamically linked to the transaction details (the transaction amount and the payee). This prevents man-in-the-middle attacks in which an attacker modifies the transaction amount or the payee after the payer has authenticated with an authentication code that is not dynamically linked.
FEITIAN has both hardware and software solutions that comply with the dynamic linking requirements:
Transaction-signing OTP Token/Card
- Users input the payee account number together with the transaction amount, and the OTP token/card generates an authentication code based on the payee, the amount and the time.
PKI Key with LCD
- The LCD can display all transaction details, such as the amount, payee account or even the payee’s name. Users can double-check the transaction information and then sign the transaction.
- With FEITIAN mobile OTP, users can scan the QR code displayed on the online banking page to get the transaction information (payee, amount, etc.), so there is no need to enter it manually, and then generate the authentication OTP code.
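As an added illustration of dynamic linking (not FEITIAN's algorithm and not code from this page), the sketch below derives a one-time code from the payee, amount and time with an HMAC, and shows the bank-side check rejecting the code once the amount or payee is altered. The shared key, field encoding, 60-second time step and 8-digit code length are assumptions made for the example.

```python
import hashlib
import hmac
import struct

STEP_SECONDS = 60  # assumed validity period of one code
DIGITS = 8         # assumed code length


def _canonical(payee: str, amount_minor: int, currency: str) -> bytes:
    # Length-prefix every field so two different field splits never encode alike.
    out = b""
    for field in (payee.replace(" ", "").upper(), str(amount_minor), currency.upper()):
        raw = field.encode("utf-8")
        out += struct.pack(">H", len(raw)) + raw
    return out


def transaction_code(key: bytes, payee: str, amount_minor: int, currency: str, now: float) -> str:
    """Code bound to payee, amount (in minor units) and the current time step."""
    counter = int(now) // STEP_SECONDS
    msg = struct.pack(">Q", counter) + _canonical(payee, amount_minor, currency)
    mac = hmac.new(key, msg, hashlib.sha256).digest()
    offset = mac[-1] & 0x0F  # dynamic truncation in the style of RFC 4226
    value = struct.unpack(">I", mac[offset:offset + 4])[0] & 0x7FFFFFFF
    return str(value % 10 ** DIGITS).zfill(DIGITS)


def verify(key: bytes, code: str, payee: str, amount_minor: int, currency: str,
           now: float, drift_steps: int = 1) -> bool:
    """Bank side: recompute from the transaction as received, allowing clock drift."""
    for d in range(-drift_steps, drift_steps + 1):
        expected = transaction_code(key, payee, amount_minor, currency,
                                    now + d * STEP_SECONDS)
        if hmac.compare_digest(expected, code):
            return True
    return False


if __name__ == "__main__":
    key = b"constructed-demo-key-not-a-real-secret"  # constructed sample value
    payee, now = "DE00 0000 0000 0000 0000 00", 1_700_000_000  # constructed sample values
    code = transaction_code(key, payee, 12_500, "EUR", now)
    print("code:", code)
    print("original accepted:", verify(key, code, payee, 12_500, "EUR", now + 20))
    print("amount changed:   ", verify(key, code, payee, 912_500, "EUR", now + 20))
    print("payee changed:    ", verify(key, code, "DE99999999999999999999", 12_500, "EUR", now + 20))
```

Because the bank recomputes the code from the payee and amount it actually received, a code captured for one transaction does not authorise a modified one.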