With PSD2, 3rd party providers are given an access to bank accounts and even have an ability to initiate payments. As a result, banks need to revise their approach to digital channel security and invest in new categories of security solutions. During the talk, we will present an overview of existing security components for digital banking that will help you harden your system security and comply with SCA under PSD2.
4. Open Banking Changes the Landscape
• Banks are losing monopoly to their digital channels.
• New FinTech challengers are entering the market.
• Banks are inventing new business models.
• The legislation is catching up (too) slowly.
• Customers are expecting "more and better."
9. Garmin Pay™
Hello, will your bank support
payments with Garmin watch
or Apple Pay anytime soon?
10. Open Banking is a Catalyst of Change
• More: freedom, choice, products, channels, …
• Better: user experience, design, terms, …
• Getting it right takes time, money and effort.
• Changes the view on security as well.
11. Security Solutions by Wultra
• Key players on a Czech market in digital banking security.
• Better or equal products as our global competition.
• Cost savings of 5-10x, based on scope.
• Open documentation, mostly open-source code.
We commoditize digital security for banking channels
12.
13. Security Solutions by Wultra
• Key players on a Czech market in digital banking security.
• Better or equal products as our global competition.
• Cost savings of 5-10x, depending on scope.
• Open documentation, mostly open-source code.
We commoditize digital security for banking channels.
15. Security Consideration
• A transaction can come from anywhere.
• Users expect seamless user experience.
• However, users also expect good security.
• The legislation specifies framework (SCA under PSD2).
• New digital channels emerge, mobile usage grows.
16. Quick Note:
Mobile Banking vs. Security
Mobile Banking - rapidly growing.
Internet Banking - steady (maybe
slowly declining).
Investment in security per 1 monthly
active user (MAU) on MB are ~30-40%
of the investments on IB.
* Situation in the Czech market.
Customers perceive mobile banking as less secure than the Internet banking, while the
actual number of emerged threats and financial damages occurs on the Internet
banking.
29. Internet Banking Mobile Banking
ESB
Core Systems
API Gateway
API1 API2
Federated
Auth.
Fraud
Detection
System
Customer
Acquisition
Mobile Token
App Shielding
Anti-Virus
VPN Proxy
Behavioral
Auth.
Mobile SCA
Push
Notifications
30. Mobile Security Suite (SCA), Mobile Token, Web Flow ("Federated Login")
Behavioral Authentication, Fraud Detection
Secure Communication Channel
Anti-Virus, VPN Proxy, Password Management
Customer Acquisition ("ZEN ID"), API Gateway
Runtime Application Self-Protection (RASP, "App Shielding")
34. • On-device customer acquisition.
• Run-time protection via App Shielding.
• Simple login and operation approval.
• Real-time card payment notifications.
Case Study:
35. • Secure on-device enrollment.
• Simple login with PIN code or biometry.
• Simple operation approval via PIN or biometry.
Case Study:
36. • Federated authentication and authorization.
• Support for 3rd party applications.
• Dynamic next step resolution.
• Support for Mobile token app.
Case Study:
37. • Fast operation approval via PIN or biometry.
• Dynamic, per-operation configuration.
• Support for push notifications and off-line mode.
• Runtime protection via App Shielding.
• Document and contract signatures.
Case Study: