Get Strong Customer Authentication Ready for PSD2
Kaveen Rodrigo
Senior Software Engineer
Webinar Outline
● Motivation for this webinar
● Defining Strong Customer Authentication (SCA)
○ SCA in the context of Open Banking flows
○ Three elements of SCA
○ User experience impact of SCA
● Providing better SCA experiences for customers
● How WSO2 Open Banking enables SCA
Motivation
Stakeholders Not Ready For SCA
● Financial Conduct Authority UK pushes SCA deadlines 18
months ahead.
○ Acknowledges the complexity of SCA requirements and customer
adoption
○ Phased roll out of PSD2 SCA
https://www.fca.org.uk/news/press-releases/fca-agrees-plan-phased-implementation-strong-customer-authentication
Strong Customer Authentication
What’s SCA Trying to Solve?
• PSD2 allows accredited third parties to gain access to customer
accounts/payments with customer consent
• Ensures the consenting customer is not a fraudulent entity
attempting to gain access
Consent flow between the PSU, TPP and ASPSP:
1. Initiating Application
2. Request Consent
3. Confirm Consent
4. Send Consent Status
5. Perform Transaction
Benefit of SCA for Open Banking
• Transactions only take place with user consent
• Gives assurance to banks and users that the request was
understood and agreed upon (WYSIWYS)
• Promotes transparency throughout the transaction to
consumers and the bank.
• Strongly authenticates the user to avoid any fraudsters
Strong Customer Authentication
• SCA is a mandatory requirement for PSD2 implementers
• Authentication should be based on two or more elements
‘strong customer authentication’ means an authentication
based on the use of two or more elements
- PSD2
The Three Elements of SCA
What is Considered as SCA?
✅ User identifier and password (Knowledge) and SMS one
time password (Possession).
✅ Private pin (Knowledge) and OOBA fingerprint
authentication (Possession/Inherence)
❌ User identifier and password (Knowledge) and Security Pin
(Knowledge)
Unwanted Effects of SCA
• Existing internet banking customers who aren’t familiar with
multi-factor authentication
• Continued use of SCA may tire customers and add friction to
minimal-risk transactions
• Hindrance to user experience
Providing Frictionless SCA Experiences
Introducing Customers to SCA
● Strategy to roll-out SCA incrementally to help adoption
of open banking:
○ Easing the SCA process on initial roll-out
○ Getting customers to adopt SCA-compliant second factors
Authorisation User Interfaces
“Consumer research has shown that people find a recognisable ASPSP login
page and process reassuring and increases their confidence in the journey”
● Customer Experience Guidelines 7.2
Clarity of Consumer Consent
“Research amongst consumers has shown that the summary information
step acts as a confirmation of exactly what they have consented to”
● Customer Experience Guidelines 7.2
Use of Decoupled Authentication
“Research shows that consumers are familiar with decoupled authentication
when making a payment or setting up a new payment ... Many welcome the
additional level of security decoupled authentication provides.”
● Customer Experience Guidelines 7.2
[Diagram: decoupled authentication in four numbered steps involving the TPP and the Bank, with a Consumption Device and an Authorisation Device]
Adaptive Authentication
With adaptive authentication, SCA is applied only in scenarios where the
transaction risk is high, so the SCA process is applied intelligently.
● Transaction amount > 30 Euros: Basic Authentication → Second SCA element → Authenticated with SCA
● Transaction amount < 30 Euros: Basic Authentication → Authenticated with CA
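The element rule from "What is Considered as SCA?" and the amount-based flow above, combined in one added JavaScript example (not from the webinar or from WSO2, and not using the WSO2 adaptive authentication script API). The authenticator names, the `authorise` interface and the fail-closed handling of exactly 30 Euros, non-EUR currencies and malformed amounts are assumptions.

```javascript
// Added example: SCA element check plus the amount-based adaptive flow.
const KNOWLEDGE = 'knowledge';
const POSSESSION = 'possession';
const INHERENCE = 'inherence';

// Authenticator names are hypothetical; the categories are the ones the
// slides assign to each factor.
const AUTHENTICATORS = new Map([
  ['password', [KNOWLEDGE]],
  ['securityPin', [KNOWLEDGE]],
  ['smsOtp', [POSSESSION]],
  ['oobFingerprint', [POSSESSION, INHERENCE]], // slide: "Possession/Inherence"
]);

const THRESHOLD_CENTS = 3000; // the 30 Euro threshold shown on the slide

// True when two different completed authenticators can be assigned two
// different categories. Unknown names contribute nothing (fail closed).
function isStrongAuthentication(completed) {
  const elements = [...new Set(completed)].map((n) => AUTHENTICATORS.get(n) || []);
  for (let i = 0; i < elements.length; i++) {
    for (let j = i + 1; j < elements.length; j++) {
      if (elements[i].some((a) => elements[j].some((b) => a !== b))) return true;
    }
  }
  return false;
}

// Parse a decimal amount string into integer cents (no float rounding);
// returns null for anything that is not a plain non-negative decimal.
function toCents(amount) {
  if (typeof amount !== 'string' || !/^\d{1,13}(\.\d{1,2})?$/.test(amount)) return null;
  const [whole, frac = ''] = amount.split('.');
  return Number(whole) * 100 + Number(frac.padEnd(2, '0'));
}

// 'CA' (basic authentication only) strictly below 30 Euros, 'SCA' above.
// Assumption: exactly 30, other currencies and malformed amounts, which the
// slide does not cover, also require SCA.
function requiredLevel(txn) {
  const cents = toCents(txn.amount);
  if (txn.currency !== 'EUR' || cents === null) return 'SCA';
  return cents < THRESHOLD_CENTS ? 'CA' : 'SCA';
}

// Decide whether the authenticators completed so far are enough, and if
// not, which step of the flow comes next.
function authorise(txn, completed) {
  const level = requiredLevel(txn);
  const known = completed.filter((n) => AUTHENTICATORS.has(n));
  if (known.length === 0) {
    return { granted: false, level, next: 'basic authentication' };
  }
  if (level === 'SCA' && !isStrongAuthentication(known)) {
    return { granted: false, level, next: 'second SCA element' };
  }
  return { granted: true, level, next: null };
}

// Constructed sample requests (not real data).
const SAMPLES = [
  [{ amount: '12.50', currency: 'EUR' }, ['password']],
  [{ amount: '120.00', currency: 'EUR' }, ['password']],
  [{ amount: '120.00', currency: 'EUR' }, ['password', 'securityPin']],
  [{ amount: '120.00', currency: 'EUR' }, ['password', 'smsOtp']],
  [{ amount: '30.00', currency: 'EUR' }, ['password']],
];
for (const [txn, done] of SAMPLES) {
  console.log(txn.amount, txn.currency, done.join('+'), JSON.stringify(authorise(txn, done)));
}
```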
How WSO2 Open Banking Enables Effective SCA
Customization Flexibility
● WSO2 Open Banking provides flexibility to customize the SCA
flow
○ Custom Authenticators
○ APIs for consent management
○ Authorization portal customization
Authentication Freedom
• WSO2 Open Banking is built on top of
the WSO2 Identity Server and comes
with the same flexibilities
• Already existing zero-code pluggable
authenticators
Authenticator = SCA Element
https://docs.wso2.com/display/OB140/Adding+Custom+Authenticators
Adaptive Authentication Capability
• WSO2 Open Banking provides flexible adaptive authentication
scripting
• WSO2 Open Banking business intelligence provides
out-of-the-box transaction risk analysis and fraud detection
https://docs.wso2.com/display/OB140/Integrate+Open+Banking+Business+Intelligence
Takeaway Points
• SCA is an integral part of PSD2 Open Banking
• The implementation strategy will play an important role in the
adoption of open banking
• Special thought on UX is necessary when selecting factors for
SCA
• Flexible SCA options will encourage different consumer groups
to adopt open banking
Any Questions?
Learn More On WSO2 Open Banking
More Information: http://wso2.com/solutions/financial/open-banking/
Try out WSO2 Open Banking: https://openbanking.wso2.com
Get in Touch: openbankingdemo@wso2.com
THANK YOU
wso2.com
