Events Calendar

Fintech & Security - Open Banking Revolutions & PSD2 RTS Security Challenges
Thursday 27 April 2017, 08:30am - 08:00pm
Hits : 973
by This email address is being protected from spambots. You need JavaScript enabled to view it.

 psd2 security

April 27th 2017, LSEC in collaboration with Eggsplore (B-Hive) organize a specialized event for Fintech and Cyber Security - transactional security specialists. On the verge of the RTS (Regulatory Technical Standards on Strong Customer Authentication and Common and Secure Communication) under PSD2 (Directive 2015/2366). The aim of this event is to jointly explore innovation, interests and opportunities for ict security experts and financial services experts. 

Third party access to accounts (XS2A), the use of API’s to connect merchant and the bank directly and the ability to consolidate account information in 1 portal and managed by new providers (not necessarily banks!) ...the updated Payment Service Directive (PSD2) will undoubtedly disrupt payment services in Europe.


On 12 January 2016, the revised Payment Services Directive (EU) 2015/2366 entered into force in the European Union, and will apply from 13 January 2018. The PSD2 aims in particular at ensuring that all payment services offered electronically are carried out in a secure manner, adopting technologies able to guarantee the safe authentication of the user and to reduce, to the maximum extent possible, the risk of fraud.
To that end, Article 98 foresees that EBA shall develop, in close cooperation with the ECB, draft Regulatory Technical Standards specifying the requirements of the strong customer authentication (SCA), the exemptions from the application of strong customer authentication, the requirements with which security measures have to comply in order to protect the confidentiality and the integrity of the payment service users’ (PSU) personalised security credentials, and the requirements for common and secure open standards of communication between account servicing payment service providers (ASPSP), Payment Initiation Services (PIS) providers, Account Information Services (AIS) providers, payers, payees and other payment service providers.

The Challenge and Threat to Some, the Opportunity and Potential for other

Banks will no longer only be competing against banks, but everyone offering financial services. And as they are obligated to provide these third-party providers access to their customers’ accounts; their competition are building their financial services on top of the banks’ data and infrastructure.

Besides the fact that the PSD2 will already cause major security challenges in its own, the directive also aims to make electronic payments safer and more secure, introducing enhanced security measures to be implemented by all payment service providers, including banks. At the same time, it will be a challenge for technology- based newcomers to meet the expectations of both the consumers and the European regulatory bodies; ensuring the highest levels of security are implemented.

What is impact of the new security value chain, roles and responsibilities, development of open API’s, how should banks respond? What are the main challenges for newcomers to this market? What are the authentication challenges, solutions and best practices to handle third party access to accounts (XS2A) ?.....These and other questions will be answered April 27th, in Brussels. It is a unique combination of regulatory requirements, business impact and challenges for practice that we are focusing on, a difference from either the pure legal or technology perspectives.

This event will be co-organized by LSEC - Leaders In Security and its partners (Agoria Banking Technology Club - Agoria ICT, TeleTrust, Pole SCS, UK Cyber Security Forum, ... ) and B-HIVE - Eggsplore.

Sponsoring and speaking opportunities and PARTICIPATION are extremely limited and UPON REGISTRATION AND CONFIRMATION ONLY.

CyberSecurity in an Open Banking API and PSD2 World : Preliminary Agenda

08.30u : Registration, Welcome Coffee & Networking
09.30u : introduction by Ulrich Seldeslachts from LSEC & Niek De De Taeye from B-HIVE

09.45u : PSD2 = Σ knowns and unknowns, by Chris Boogmans, senior Architect at Isabel

10.25u : Disruptive open banking applications challenges and opportunities, Danny Goovaerts, CTO at THE GLUE SOLUTIONS

10.45u : Keynote PSD2 & RTS recent developments and implications : Jorke Kamstra, NBB
At the National Bank of Belgium, Jorke is responsible for supervising banks and financial market infrastructures. He specializes in IT audits ( including cyber security audits); and is active in the Working Groups that are discussing and formalizing the technical details and implications of RTS (regulatory technical standards)

11.25u : Panel discussion : business opportunities & security challenges
- Chris Boogmans, senior Architect at Isabel
- Danny Goovaerts, CTO at THE GLUE SOLUTIONS
- National Bank of Belgium, Jorke Kamstra

(newly introduced panel members will be asked to give a 5-10 minute introduction on their activities and challenges related to security from a high level perspective)

12.35u : Lunch break & Networking

13.25 : Security Keynote 1 : trust mechanics and RTS & SCA challenges -
Secure Access means more than Strong Authentication, by Marc Van Maele, CEO Trustbuilder & SecurIT
The use of strong authentication is deemed absolutely necessary to raise the identity assurance level in performing high-value operations or transactions. However, there are several challenges that one needs to overcome in order to effectively adopt strong authentication as a strategic, enterprise-wide security solution. Since the validation of a user’s identity is increasingly handled by third parties, this requires a much more dynamic behavior and a frictionless user experience that can easily be adapted over time. In addition, it requires security measures able to deal with just any set of contextual information that might influence the selection of the right authentication mechanism for a transaction. API Gateways, and how they deal with API security, has been the talk of the town for the past few years. Looking at this from the perimeter angle is not enough. Security doesn’t stop at the entry-point of the API provider, considering that it’s not only about talking to a single API but to an eco-system of services that consists of potentially hundreds of APIs. Not only do we have to validate the access rights of the calling party (end-user or client) but we must consider the delegated rights of all peers.

13.55 : Security panel discussion 1 : Open Banking API's, SCA, identities, authorization, authentication, federation, IDAAS and EIDAS
- JustPOM, Pieter van Geel 
- Vasco Data Security, Frederik Mennes, Senior Manager Market & Security
- Marc Vanmaele, CEO, Trustbuilder & SecurIT
- Secret Double Octopus, Amit Rahav, VP Access & Authentication (Israel)
- Chris Boogmans, Enterprise Architect Sr at Isabel
- Rik de Deyn, Oracle

(newly introduced panel members will be asked to give a 5-10 minute introduction on their activities and challenges related to security from a high level perspective)

15.10 : Coffee Break & Networking

15.40 : security keynote 2 : beyond PSD2 RTS & SCA and moving towards open banking
With great opportunity comes great responsibility - Operationalizing PSD2 API & Platform Banking Systems, by Rik De Deyn, Senior Director Banking, Oracle
The API and Collaborative Economy provides great opportunities, through PSD2 and beyond. With great opportunity comes great responsibility. Rik will take a look at the reality and best practices of operationalizing PSD2 API and Platform Banking systems. He will also look at characteristics of an API platform, and ways to monetize the PSD2 XS2A mandate, for banks and Fintech companies.

16.10 : Secret Double Octopus, Amit Rahav, VP Access & Authentication (Israel)

17.10 : Security keynote 3 : BAE Systems, Gareth Evans, Senior Fraud Prevention Consultant
Identifying & Detecting Fraud, preventing cyber security threats and advanced monitoring for compliance

17.40 : security panel 3 discussion : fraud & cyber security challenges, detection, prevention, mitigation and incident management activities
- LSEC, Ulrich Seldeslachts
- Ingenico, Thierry Coopman, CTO Global Services
- BAE, Gareth Evans, Senior Fraud Prevention Consultant

18.40 : closing notes & announcements
18.50 : networking reception
20.00 : end of event

Audiences- level of Expertise
- Bank Enterprise CISO’s / Security Managers
- Bank Enterprise Security Architects
- FinTech company CEO, CISO, Security Architect
- Policy Makers
- Authentication and security solution providers
- IT Audit Managers

Practical Details & Registration
Banking Revolution & Security Challenges caused by PSD2
Thursday 27 April 2017 
Area 42, Rue des Palais 46, 1030 - Brussels

Participation is free of charge upon prior registration via the registration page AND CONFIRMATION BY THE ORGANIZERS ONLY! Participants interested in the handouts and presentations of the day will be charged a minor fee (121 €) to accommodate for the handling costs and taxes. 

For more information, please visit the following sources : 

Draft Regulatory Technical Standards on Strong Authentication and Secure Communication under PSD2 (Source : EBA)

9 key takeaways from the draft regulatory technical standards (Source : PaymentEye)

PSD2 : RTS (Source : OsbornClarke)

LSEC for Security Professionals


LSEC for Security Companies



LSEC for enterprise & government



LSEC for academia & research institutes


Request information about LSEC Membership

Click here

Sign up for our newsletter

Click here

Learn more about current projects & industry collaborations

Click here

Contact us

Click here


Privacy | Disclaimer | Responsible Disclosure Copyright LSEC - Leaders In Security 2002 - 2017 - Kasteelpark 10, 3001 Heverlee - Leuven | tel. +