PSD2

Extending OAuth2 to meet PSD2 Identity Security Requirements

The new Payment Services Directive 2 is compelling European banking actors to open their services to outside partners. Most banking actors were not fully ready for the exposition of the services that were, until then, strongly kept for inside use. Some initiatives such as Open Banking(UK) and STET(FR) have established OAuth2 as the main standard for authentication, authorization and user consent. However all requirements cannot be directly addressed by the current state of the specifications. Despite some additions by the Financial API initiative such as TLS certificate authentication a few issues still elude the standards

Is there a way to handle out-of-band authentication for the user without forcing multiple redirections on his device? What implementation of OAuth2 can bring an answer for business-driven authentication step-up at run time and transaction-based authentication? Is there a way to make the user experience simpler and lighter during authentication and avoid window flickering on mobile devices but keep the right security level?

In this session we will explain PSD2 requirements on customer authentication and what it implies for banks and we will also shine light on some of the answers that were brought when the standards came short.

Key Takeaways:

• What does PSD2 require from European banks regarding identity security?
• How can the OAuth2 and OpenID standards answer those requirements and what are they coming short for?
• What answers have been found to those limitations?

Presentation deck

Extending OAuth2 to meet PSD2 Identity Security Requirements

Click here to download the slide deck. Please note that downloads are only available for event participants and subscribers. You'll need to log in to download it.

PSD2 Finally Enforced – Here is How to Get Started

PSD2 will revolutionize the portability of Identity not only for the banking industry but for everyone. While the intent is to increase participation in the payments industry but architecting for PSD2 will change the way consumer identity is shared, protected and self-managed. In this session, we will explore the requirements of PSD2, best practices for achieving these requirements and we will demonstrate a testbed for PSD2 that can enable fast adoption.

Presentation deck

PSD2 Finally Enforced – Here is How to Get Started

Click here to download the slide deck. Please note that downloads are only available for event participants and subscribers. You'll need to log in to download it.

The Customer: Your New Boss Under the GDPR

In an era of fake news, data breaches, and the GDPR, earning consumers’ trust is a “must.” Come to this session to discover the SAP Customer Data Cloud from Gigya, your comprehensive solution for capturing consent and preferences, enabling customer control of personal data, and turning consumer data privacy into your market advantage.