PSD2, SCA, WTF?
Kelley Robinson | Twilio
@kelleyrobinson
© 2019 TWILIO INC. ALL RIGHTS RESERVED.
💰$5.1B💰 in 2017
PSD2: Payment Services Directive 2
The original PSD (2007)
• Objective: create a single market for modern payment services in the EU
• Paved the way for new payment disruptors
What is PSD2? (2015)
• Updated regulations governing payment service providers in the European Union
• For merchants, the part that bites is strong customer authentication for card-not-present (online) transactions

What's new in 2019?
Strong customer authentication (SCA) for online purchases; payments of €30 or less can be exempted (see Exemptions below)
SCA applies where the payer:
A. Accesses its payment account online
B. Initiates an electronic payment transaction
C. Carries out any action through a remote channel which may imply a risk of payment fraud or other abuses
AUTHENTICATION FACTORS
• Inherence: something the user is (biometric)
• Possession: something only the user has (mobile phone)
• Knowledge: something only the user knows (password)
Two are required to achieve SCA. They must come from different categories and be independent, so that compromising one does not compromise the other.
Beginning 14 September 2019, non-compliant payments that require SCA will be declined. (Source: Stripe report on SCA.) In practice the EBA later set 31 December 2020 as the deadline for full enforcement across the EU, but the requirement itself did not change.
Not just for the EU
• Other regions are introducing similar requirements
• The ROI from reducing fraudulent payments may make it worthwhile regardless
Dynamic Linking Explained

Example message:
"Use code 312568 to approve your Flourish and Blotts transaction of €713.00 to Gilderoy Lockhart"
The Regulatory Technical Standards (Article 5) require that:

(a) the payer is made aware of the amount of the payment transaction and of the payee;
Ensure the user is confident they are authenticating the right transaction: put the amount and the payee in the message itself.

(b) the authentication code generated is specific to the amount of the payment transaction and the payee agreed to by the payer when initiating the transaction;
Any code must be usable for that specific transaction only.

(c) the authentication code accepted by the payment service provider corresponds to the original specific amount of the payment transaction and to the identity of the payee agreed to by the payer;
Check the submitted code against the amount and payee originally shown, not merely against "a valid code for this user". Once a valid code is accepted, codes sent over other channels for the same transaction are invalidated.

(d) any change to the amount or the payee results in the invalidation of the authentication code generated.
If transaction details change, invalidate all outstanding codes and issue a new one.
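To make the four requirements concrete, here is an added example (not code from the deck or from Twilio's libraries) of a PSP-side store that issues and checks codes the way (a) to (d) demand. The class and method names are hypothetical, an in-memory dictionary stands in for a database, and the transaction values reuse the deck's Flourish and Blotts message.

```python
"""Added example, not code from the deck: a PSP-side model of RTS Article 5
dynamic linking. Names are hypothetical and an in-memory dict stands in for a
database; the transaction values are the deck's Flourish and Blotts example."""
import hmac
import secrets
from dataclasses import dataclass, field
from decimal import Decimal
from typing import Dict

CODE_DIGITS = 6


@dataclass
class PendingAuth:
    """One payment awaiting SCA. Outstanding codes are keyed by delivery channel."""
    amount: Decimal
    payee: str
    codes: Dict[str, str] = field(default_factory=dict)
    completed: bool = False


class DynamicLinker:
    def __init__(self) -> None:
        self._pending: Dict[str, PendingAuth] = {}

    def start(self, txn_id: str, amount: Decimal, payee: str) -> None:
        self._pending[txn_id] = PendingAuth(amount=amount, payee=payee)

    def issue_code(self, txn_id: str, channel: str) -> str:
        """(b): the code is generated for this transaction's amount and payee only."""
        auth = self._pending[txn_id]
        if auth.completed:
            raise ValueError("transaction already authenticated")
        code = f"{secrets.randbelow(10 ** CODE_DIGITS):0{CODE_DIGITS}d}"
        auth.codes[channel] = code
        return code

    def message(self, txn_id: str, channel: str, merchant: str) -> str:
        """(a): the text the payer sees carries the amount and the payee."""
        auth = self._pending[txn_id]
        return (f"Use code {auth.codes[channel]} to approve your {merchant} "
                f"transaction of €{auth.amount:.2f} to {auth.payee}")

    def amend(self, txn_id: str, amount: Decimal, payee: str) -> None:
        """(d): any change to amount or payee invalidates every outstanding code."""
        auth = self._pending[txn_id]
        if amount != auth.amount or payee != auth.payee:
            auth.codes.clear()
            auth.amount, auth.payee = amount, payee

    def verify(self, txn_id: str, amount: Decimal, payee: str, code: str) -> bool:
        """(c): accept only a code issued for exactly this amount and payee.
        On success the payment is marked done and other channels' codes die."""
        auth = self._pending.get(txn_id)
        if auth is None or auth.completed:
            return False
        if amount != auth.amount or payee != auth.payee:
            return False
        if not any(hmac.compare_digest(c, code) for c in auth.codes.values()):
            return False
        auth.completed = True
        auth.codes.clear()   # single use; codes on other channels are now dead
        return True


def run_scenario() -> dict:
    """Walk the four requirements; returns the outcome of each check."""
    dl = DynamicLinker()
    amt, payee = Decimal("713.00"), "Gilderoy Lockhart"
    dl.start("txn-1", amt, payee)
    sms_code = dl.issue_code("txn-1", "sms")
    app_code = dl.issue_code("txn-1", "app")
    out = {"message": dl.message("txn-1", "sms", "Flourish and Blotts")}
    # right code, but a different amount is presented to the verifier
    out["tampered_amount"] = dl.verify("txn-1", Decimal("7130.00"), payee, sms_code)
    out["accepted"] = dl.verify("txn-1", amt, payee, sms_code)
    # the app-channel code for the same payment is no longer accepted
    out["other_channel_after"] = dl.verify("txn-1", amt, payee, app_code)
    out["replay"] = dl.verify("txn-1", amt, payee, sms_code)
    # payee changed after a code was sent: the old code must be dead
    dl.start("txn-2", Decimal("20.00"), "Ollivanders")
    old = dl.issue_code("txn-2", "sms")
    dl.amend("txn-2", Decimal("20.00"), "Borgin and Burkes")
    out["code_after_amend"] = dl.verify("txn-2", Decimal("20.00"), "Borgin and Burkes", old)
    return out
```

The important design choice is in `verify`: the amount and payee are compared against what the PSP recorded when the code was issued, so a valid code cannot be redirected to a different payment, and acceptance is terminal for the whole transaction rather than for one channel.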
Exemptions
• Low-risk transactions: transaction risk analysis, allowed only while the PSP's fraud rate stays below the threshold set for the transaction amount
• Low value: €30 or less, with cumulative limits (SCA is triggered again once exempt payments total €100 or five have been made in a row)
• Recurring payments of a fixed amount to the same payee (the first payment in the series still needs SCA); variable merchant-initiated transactions are out of scope because the payer does not initiate them
• Mail order / telephone order (MOTO) payments, which are out of scope of SCA rather than exempt
The issuer can always refuse an exemption and require SCA anyway.
How to Implement SCA
3D Secure
• MFA implemented by the card networks and issuers: the cardholder authenticates with their issuing bank
• V2 uses device and transaction data to do risk analysis and adaptive auth
• A challenge is still required for non-exempt SCA payments; the "frictionless" flow only applies when an exemption is claimed
SMS
• No app install required
• Easily include transaction info in the message body
• Vulnerable to phishing, SIM swap and man-in-the-middle attacks: the code can be talked out of the user or the message delivered to the attacker instead

Example: "Use code 312568 to approve your Flourish and Blotts transaction of €713.00 to Gilderoy Lockhart"
Transactional TOTP
• Requires an authenticator app
• Works offline
• Based on the Time-based One-time Password standard (RFC 6238), extended so the code also depends on the transaction details (amount and payee), which is what makes it dynamically linked
• More secure than SMS
(Demo)
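Added example, not the deck's demo and not Twilio's implementation: plain RFC 6238 TOTP next to a transactional variant that appends the amount and payee to the HMAC input. How a given vendor binds transaction data into the code is an assumption here; the point is that a code computed for one amount and payee fails verification for any other. The secret is RFC 6238's test-vector key and the timestamps are fixed values, constructed so the results are reproducible.

```python
"""Added example (not from the deck): RFC 6238 TOTP and a transactional variant
whose HMAC input also covers the amount and payee. The binding scheme is an
assumption, not a vendor's documented format."""
import hashlib
import hmac
import struct
import time
from typing import Optional

STEP = 30      # RFC 6238 default time step in seconds
DIGITS = 6
WINDOW = 1     # accept one step of clock drift either side


def _hotp(key: bytes, msg: bytes, digits: int = DIGITS) -> str:
    """RFC 4226 dynamic truncation over an HMAC-SHA1 of an arbitrary message."""
    mac = hmac.new(key, msg, hashlib.sha1).digest()
    offset = mac[-1] & 0x0F
    code = struct.unpack(">I", mac[offset:offset + 4])[0] & 0x7FFFFFFF
    return f"{code % 10 ** digits:0{digits}d}"


def _counter(at: Optional[float]) -> int:
    return int((time.time() if at is None else at) // STEP)


def _canonical(amount: str, payee: str) -> bytes:
    """App and server must hash identical bytes: amount as a fixed two-decimal
    string, payee whitespace-normalised and lower-cased. Any disagreement here
    surfaces as a 'wrong code', which is the safe failure."""
    return f"{amount}|{' '.join(payee.split()).lower()}".encode("utf-8")


def totp(secret: bytes, at: Optional[float] = None, digits: int = DIGITS) -> str:
    """Plain RFC 6238: HMAC over the 8-byte big-endian time-step counter only."""
    return _hotp(secret, struct.pack(">Q", _counter(at)), digits)


def transactional_totp(secret: bytes, amount: str, payee: str,
                       at: Optional[float] = None) -> str:
    """Transactional variant: the counter is followed by the canonical transaction
    details, so the code is a function of (secret, time, amount, payee)."""
    return _hotp(secret, struct.pack(">Q", _counter(at)) + _canonical(amount, payee))


def verify_transaction(secret: bytes, amount: str, payee: str, code: str,
                       at: Optional[float] = None, window: int = WINDOW) -> bool:
    """Server side: recompute for the current step plus/minus `window` steps
    using the amount and payee the server recorded, comparing in constant time."""
    base = _counter(at)
    for drift in range(-window, window + 1):
        msg = struct.pack(">Q", base + drift) + _canonical(amount, payee)
        if hmac.compare_digest(_hotp(secret, msg), code):
            return True
    return False


def demo() -> dict:
    """Fixed inputs so the outcome is reproducible; the secret is RFC 6238's."""
    secret, t = b"12345678901234567890", 1_600_000_000.0
    code = transactional_totp(secret, "713.00", "Gilderoy Lockhart", at=t)
    return {
        "rfc_vector_ok": totp(secret, at=59, digits=8) == "94287082",
        "accepted": verify_transaction(secret, "713.00", "Gilderoy Lockhart", code, at=t),
        "drift_ok": verify_transaction(secret, "713.00", "Gilderoy Lockhart", code, at=t + STEP),
        "too_late": verify_transaction(secret, "713.00", "Gilderoy Lockhart", code, at=t + 3 * STEP),
        "amount_changed": verify_transaction(secret, "7130.00", "Gilderoy Lockhart", code, at=t),
        "payee_changed": verify_transaction(secret, "713.00", "Tom Riddle", code, at=t),
    }
```

Two things a production verifier adds on top of this: it records the accepted (step, transaction) pair so the same code cannot be submitted twice inside the drift window, and it treats the amount and payee it feeds into `verify_transaction` as the values it showed the payer, never values supplied with the code.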
Push Authorization
• Requires an authenticator app and/or dev work
• Cryptographically the most secure option, because the approval is tied to the enrolled device and to the specific transaction shown to the user, so it cannot be reused for a different amount or payee
• Seamless user experience
• Easily customized with your brand

Security = Friction

Friction = Abandoned carts
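Added example (not from the deck and not an Authy or Twilio SDK) of the push exchange between a PSP server and the payer's phone, showing why an approval cannot be replayed, forged, or carried over to a different amount. Assumption: the device proves possession with a symmetric key provisioned at enrolment, standing in for the per-device asymmetric key pair a production app would use; all names, keys and transaction values are constructed for the example.

```python
"""Added example (not from the deck or a Twilio SDK): push authorization as a
challenge/response between a PSP server and the payer's phone. Assumption: an
HMAC device key stands in for a per-device asymmetric key pair."""
import hashlib
import hmac
import json
import secrets
import time
from typing import Dict, Optional

TTL = 120  # seconds a push challenge stays valid


def _canonical(fields: dict) -> bytes:
    # Sorted keys and no whitespace so server and device sign identical bytes
    return json.dumps(fields, sort_keys=True, separators=(",", ":")).encode()


def _tag(key: bytes, fields: dict, decision: str) -> str:
    return hmac.new(key, _canonical(fields) + decision.encode(), hashlib.sha256).hexdigest()


class Device:
    """The payer's phone. It signs exactly the challenge it displayed."""
    def __init__(self, key: bytes) -> None:
        self._key = key

    def respond(self, challenge: dict, approve: bool) -> dict:
        decision = "approve" if approve else "deny"
        return {"challenge": challenge, "decision": decision,
                "tag": _tag(self._key, challenge, decision)}


class Server:
    def __init__(self) -> None:
        self._keys: Dict[str, bytes] = {}
        self._pending: Dict[str, dict] = {}   # nonce -> challenge as issued

    def enrol(self, device_id: str) -> bytes:
        key = secrets.token_bytes(32)
        self._keys[device_id] = key
        return key

    def push(self, device_id: str, txn_id: str, amount: str, payee: str,
             now: Optional[float] = None) -> dict:
        """Build the payload sent to the phone; amount and payee travel with it."""
        issued_at = time.time() if now is None else now
        challenge = {"device": device_id, "txn": txn_id, "amount": amount,
                     "payee": payee, "nonce": secrets.token_hex(16),
                     "expires": int(issued_at + TTL)}
        self._pending[challenge["nonce"]] = challenge
        return challenge

    def consume(self, response: dict, now: Optional[float] = None) -> bool:
        """Accept an approval only if it is fresh, unused, signed by the enrolled
        device, and signed over the challenge the server itself issued."""
        nonce = response.get("challenge", {}).get("nonce")
        issued = self._pending.pop(nonce, None)   # pop: single use, replay fails
        if issued is None or (time.time() if now is None else now) > issued["expires"]:
            return False
        # Recompute over what the SERVER issued, not what the response claims.
        # A failed attempt burns the challenge; the PSP would push a fresh one.
        expected = _tag(self._keys[issued["device"]], issued, response["decision"])
        if not hmac.compare_digest(expected, response["tag"]):
            return False
        return response["decision"] == "approve"


def run_scenario() -> dict:
    server = Server()
    phone = Device(server.enrol("phone-1"))
    t0 = 1_600_000_000
    out = {}
    ch = server.push("phone-1", "txn-1", "713.00", "Gilderoy Lockhart", now=t0)
    resp = phone.respond(ch, approve=True)
    out["approved"] = server.consume(resp, now=t0 + 5)
    out["replay"] = server.consume(resp, now=t0 + 6)
    # Payload altered in transit: the phone displays and signs 71.30,
    # but the server issued 713.00, so the tags cannot match
    ch = server.push("phone-1", "txn-2", "713.00", "Gilderoy Lockhart", now=t0)
    out["tampered"] = server.consume(phone.respond(dict(ch, amount="71.30"), True), now=t0 + 5)
    ch = server.push("phone-1", "txn-3", "713.00", "Gilderoy Lockhart", now=t0)
    out["forged"] = server.consume(Device(b"not the enrolled key").respond(ch, True), now=t0 + 5)
    ch = server.push("phone-1", "txn-4", "713.00", "Gilderoy Lockhart", now=t0)
    out["denied"] = server.consume(phone.respond(ch, approve=False), now=t0 + 5)
    ch = server.push("phone-1", "txn-5", "713.00", "Gilderoy Lockhart", now=t0)
    out["expired"] = server.consume(phone.respond(ch, approve=True), now=t0 + TTL + 1)
    return out
```

The point of recomputing the tag over the server's own copy of the challenge is requirement (c) of dynamic linking: whatever the user approved has to be the amount and payee the PSP recorded, and a signature over anything else is simply invalid. The nonce gives single use, the expiry bounds how long a stolen push payload is worth anything.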
Time is money
• Slow transactions may lead to fewer sales
• Offer options (and retries) to keep customers happy
Considerations
• Are you a payment service provider?
• Does your PSP already provide a solution?
• Do you deal directly with consumers? (hospitality/travel booking)
• Do you process payments immediately?
Resources

About PSD2 + SCA
• Regulatory Technical Standards (aka The Law)
• Understanding Dynamic Linking
• Twilio PSD2 E-Book
• Stripe's Guide to SCA
• Wikipedia Reference

Implementing SCA
• 3D Secure
• Twilio Documentation
• Transactional TOTP Guide
• Push, SMS Guide with Twilio + Python

THANK YOU
@kelleyrobinson
Sheet Pile Wall Design and Construction: A Practical Guide for Civil Engineer...
 
(ANVI) Koregaon Park Call Girls Just Call 7001035870 [ Cash on Delivery ] Pun...
(ANVI) Koregaon Park Call Girls Just Call 7001035870 [ Cash on Delivery ] Pun...(ANVI) Koregaon Park Call Girls Just Call 7001035870 [ Cash on Delivery ] Pun...
(ANVI) Koregaon Park Call Girls Just Call 7001035870 [ Cash on Delivery ] Pun...
 
APPLICATIONS-AC/DC DRIVES-OPERATING CHARACTERISTICS
APPLICATIONS-AC/DC DRIVES-OPERATING CHARACTERISTICSAPPLICATIONS-AC/DC DRIVES-OPERATING CHARACTERISTICS
APPLICATIONS-AC/DC DRIVES-OPERATING CHARACTERISTICS
 
(MEERA) Dapodi Call Girls Just Call 7001035870 [ Cash on Delivery ] Pune Escorts
(MEERA) Dapodi Call Girls Just Call 7001035870 [ Cash on Delivery ] Pune Escorts(MEERA) Dapodi Call Girls Just Call 7001035870 [ Cash on Delivery ] Pune Escorts
(MEERA) Dapodi Call Girls Just Call 7001035870 [ Cash on Delivery ] Pune Escorts
 
SPICE PARK APR2024 ( 6,793 SPICE Models )
SPICE PARK APR2024 ( 6,793 SPICE Models )SPICE PARK APR2024 ( 6,793 SPICE Models )
SPICE PARK APR2024 ( 6,793 SPICE Models )
 
Introduction to IEEE STANDARDS and its different types.pptx
Introduction to IEEE STANDARDS and its different types.pptxIntroduction to IEEE STANDARDS and its different types.pptx
Introduction to IEEE STANDARDS and its different types.pptx
 
HARDNESS, FRACTURE TOUGHNESS AND STRENGTH OF CERAMICS
HARDNESS, FRACTURE TOUGHNESS AND STRENGTH OF CERAMICSHARDNESS, FRACTURE TOUGHNESS AND STRENGTH OF CERAMICS
HARDNESS, FRACTURE TOUGHNESS AND STRENGTH OF CERAMICS
 
result management system report for college project
result management system report for college projectresult management system report for college project
result management system report for college project
 
College Call Girls Nashik Nehal 7001305949 Independent Escort Service Nashik
College Call Girls Nashik Nehal 7001305949 Independent Escort Service NashikCollege Call Girls Nashik Nehal 7001305949 Independent Escort Service Nashik
College Call Girls Nashik Nehal 7001305949 Independent Escort Service Nashik
 
Software Development Life Cycle By Team Orange (Dept. of Pharmacy)
Software Development Life Cycle By  Team Orange (Dept. of Pharmacy)Software Development Life Cycle By  Team Orange (Dept. of Pharmacy)
Software Development Life Cycle By Team Orange (Dept. of Pharmacy)
 
Call Girls in Nagpur Suman Call 7001035870 Meet With Nagpur Escorts
Call Girls in Nagpur Suman Call 7001035870 Meet With Nagpur EscortsCall Girls in Nagpur Suman Call 7001035870 Meet With Nagpur Escorts
Call Girls in Nagpur Suman Call 7001035870 Meet With Nagpur Escorts
 
Introduction to Multiple Access Protocol.pptx
Introduction to Multiple Access Protocol.pptxIntroduction to Multiple Access Protocol.pptx
Introduction to Multiple Access Protocol.pptx
 
Structural Analysis and Design of Foundations: A Comprehensive Handbook for S...
Structural Analysis and Design of Foundations: A Comprehensive Handbook for S...Structural Analysis and Design of Foundations: A Comprehensive Handbook for S...
Structural Analysis and Design of Foundations: A Comprehensive Handbook for S...
 

PSD2, SCA, WTF?

  • 1. PSD2, SCA, WTF? Kelley Robinson | Twilio @kelleyrobinson
  • 2. © 2019 TWILIO INC. ALL RIGHTS RESERVED. 💰$5.1B💰 In 2017
  • 3. PSD2: Payment Services Directive 2
  • 4. The original PSD (2007)
      • Objective: create a single market for modern payment services in the EU
      • Paved the way for new payment disruptors
  • 5. What is PSD2? (2015)
      • Updated regulations governing payment service providers in the European Union
      • Applies to card not present (online) transactions
  • 6. What's new in 2019? Strong customer authentication (SCA) for purchases over €30
  • 7. SCA applies where the payer:
      • A: Accesses its payment account online
      • B: Initiates an electronic payment transaction
      • C: Carries out any [risky] action through a remote channel
  • 8. Authentication factors (two are required to achieve SCA):
      • Inherence: biometric
      • Possession: mobile phone
      • Knowledge: password
  • 9.
  • 10. Beginning 14 September 2019, non-compliant payments that require SCA will be declined. (Stripe Report on SCA)
  • 11. Not just for the EU
      • Other regions are introducing similar requirements
      • ROI for reducing fraudulent payments may be worthwhile regardless
  • 12. Dynamic Linking Explained
  • 13. Dynamic Linking Explained
      "Use code 312568 to approve your Flourish and Blotts transaction of €713.00 to Gilderoy Lockhart"
  • 14. (a) the payer is made aware of the amount of the payment transaction and of the payee;
      Ensure the user is confident they are authenticating the right transaction.
  • 15. (b) the authentication code generated is specific to the amount of the payment transaction;
      Any code must be used for that specific transaction only.
  • 16. (c) the authentication code accepted by the payment service provider corresponds to the original specific amount;
      Once a valid code is accepted, other channel codes are invalidated.
  • 17. (d) any change to the amount or the payee results in the invalidation of the authentication code generated.
      If transaction details change, invalidate all outstanding codes.
  • 18. Exemptions
      • Low risk transactions (based on provider's fraud rates)
      • Under €30
      • Recurring payments (fixed or variable "merchant initiated")
      • Over the phone payments
  • 19. How to Implement SCA
  • 20. 3D Secure
      • MFA implemented by credit card providers
      • V2 uses device data to do risk analysis & adaptive auth
      • MFA challenge still required for non-exempt SCA payments (no "frictionless" option)
  • 21. SMS
      • No app install required
      • Easily include transaction info in the message body
      • Vulnerable to phishing & man in the middle attacks
      "Use code 312568 to approve your Flourish and Blotts transaction of €713.00 to Gilderoy Lockhart"
  • 22. Transactional TOTP
      • Requires authenticator app
      • Works offline
      • Based on the Time-based One-time Passwords RFC 6238 standard
      • More secure than SMS
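The dynamic linking rules (b) to (d) on slides 15 to 17 and the transactional TOTP of slide 22, as an added Python example that is not part of this deck or of any Twilio library: it folds the amount and payee into an RFC 6238-style HMAC code (that binding is this example's assumption; RFC 6238 itself only hashes the time counter), and the hypothetical provider-side `Transaction` class accepts one valid code only and rejects a code computed for different transaction details.

```python
import hashlib
import hmac
import struct
import time

STEP_SECONDS = 30   # RFC 6238 time step
DIGITS = 6

def transactional_totp(secret: bytes, amount_cents: int, payee: str,
                       unix_time: float) -> str:
    """TOTP-style code bound to one transaction (amount + payee).

    RFC 6238 only hashes the time counter; mixing amount and payee into
    the HMAC message is this example's assumed way of meeting dynamic
    linking rules (b) and (d): the code for one amount/payee is never
    valid for any other.
    """
    counter = int(unix_time // STEP_SECONDS)
    msg = struct.pack(">Q", counter) + f"{amount_cents}|{payee}".encode("utf-8")
    digest = hmac.new(secret, msg, hashlib.sha1).digest()
    offset = digest[-1] & 0x0F                        # RFC 4226 dynamic truncation
    binary = struct.unpack(">I", digest[offset:offset + 4])[0] & 0x7FFFFFFF
    return f"{binary % 10 ** DIGITS:0{DIGITS}d}"

class Transaction:
    """One pending payment on the provider side: accepts a valid code once."""

    def __init__(self, secret: bytes, amount_cents: int, payee: str):
        self.secret, self.amount_cents, self.payee = secret, amount_cents, payee
        self.approved = False

    def approve(self, submitted: str, unix_time: float, window: int = 1) -> bool:
        if self.approved:            # rule (c): once accepted, no other code is taken
            return False
        for skew in range(-window, window + 1):   # tolerate one step of clock drift
            expected = transactional_totp(self.secret, self.amount_cents, self.payee,
                                          unix_time + skew * STEP_SECONDS)
            if hmac.compare_digest(expected, submitted):
                self.approved = True
                return True
        return False

if __name__ == "__main__":
    secret = b"constructed-demo-secret"          # constructed; a real seed is random
    now = time.time()
    tx = Transaction(secret, 71300, "Gilderoy Lockhart")   # the slides' €713.00 example
    code = transactional_totp(secret, 71300, "Gilderoy Lockhart", now)
    print(code, tx.approve(code, now), tx.approve(code, now))   # <code> True False
```

A code generated for €713.01, or for another payee, fails verification against this transaction without any server-side bookkeeping, because the changed details never reproduce the same HMAC.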
  • 23. Demo
  • 24. Push Authorization
      • Requires authenticator app and/or dev work
      • Cryptographically most secure
      • Seamless user experience
      • Easily customize with your brand
  • 25. Security = Friction
  • 26. Friction = Abandoned carts
  • 27. Time is money
      • Slow transactions may lead to fewer sales
      • Offer options (+retries) to keep customers happy
  • 28. Considerations
      • Are you a payment service provider?
      • Does your PSP already provide a solution?
      • Do you deal directly with consumers? (hospitality/travel booking)
      • Do you process payments immediately?
  • 29. Resources
      • About PSD2 + SCA: Regulatory Technical Standards (aka The Law), Understanding Dynamic Linking, Twilio PSD2 E-Book, Stripe's Guide to SCA, Wikipedia Reference
      • Implementing SCA: 3D secure, Twilio Documentation (Transactional TOTP Guide; Push, SMS Guide with Twilio + Python)
  • 31.