Fintech & Security - Open Banking Revolutions & PSD2 RTS Security Challenges
Thursday 27 April 2017, 08:30am - 08:00pm

On April 27th 2017, LSEC, in collaboration with Eggsplore (B-Hive), organizes a specialized event for Fintech and Cyber Security - transactional security specialists, on the verge of the RTS (Regulatory Technical Standards on Strong Customer Authentication and Common and Secure Communication) under PSD2 (Directive 2015/2366). The aim of this event is to jointly explore innovation, interests and opportunities for ICT security experts and financial services experts.

Third-party access to accounts (XS2A), the use of APIs to connect merchant and bank directly, and the ability to consolidate account information in one portal managed by new providers (not necessarily banks!): the updated Payment Service Directive (PSD2) will undoubtedly disrupt payment services in Europe.

This event was supported by BAE Systems. 

 

Backgrounder:

On 12 January 2016, the revised Payment Services Directive (EU) 2015/2366 entered into force in the European Union, and will apply from 13 January 2018. The PSD2 aims in particular at ensuring that all payment services offered electronically are carried out in a secure manner, adopting technologies able to guarantee the safe authentication of the user and to reduce, to the maximum extent possible, the risk of fraud.
To that end, Article 98 foresees that EBA shall develop, in close cooperation with the ECB, draft Regulatory Technical Standards specifying the requirements of the strong customer authentication (SCA), the exemptions from the application of strong customer authentication, the requirements with which security measures have to comply in order to protect the confidentiality and the integrity of the payment service users’ (PSU) personalised security credentials, and the requirements for common and secure open standards of communication between account servicing payment service providers (ASPSP), Payment Initiation Services (PIS) providers, Account Information Services (AIS) providers, payers, payees and other payment service providers.

 

Session Materials:

Materials are now available for download. Attending the event was free, but we charge a minor fee for the materials in order to ensure some income for the organization. As a non-profit organization, due to tax reasons, a small charge is asked to cater for the incurred costs. You will be transferred to Payloadz.com and be asked to pay 121 € (100 € excl, 21% VAT). You will be able to receive an invoice if you leave your company details and PO number. Once paid, you will receive a download link to download the .zip with all materials of the day.

LSEC continues to support creating awareness on information security and will try to lower the barrier for ICT security professionals. With this mechanism, all attendees have evaluated the value of the presented materials and can easily contribute to the future activities.

 

The Challenge and Threat to Some, the Opportunity and Potential for Others

Banks will no longer be competing only against banks, but against everyone offering financial services. And as they are obligated to provide these third-party providers access to their customers’ accounts, their competitors are building their financial services on top of the banks’ data and infrastructure.

Besides the fact that PSD2 will already cause major security challenges on its own, the directive also aims to make electronic payments safer and more secure, introducing enhanced security measures to be implemented by all payment service providers, including banks. At the same time, it will be a challenge for technology-based newcomers to meet the expectations of both consumers and the European regulatory bodies, ensuring the highest levels of security are implemented.

What is the impact of the new security value chain, roles and responsibilities, and the development of open APIs, and how should banks respond? What are the main challenges for newcomers to this market? What are the authentication challenges, solutions and best practices to handle third party access to accounts (XS2A)? These and other questions will be answered April 27th, in Brussels. We focus on a unique combination of regulatory requirements, business impact and challenges for practice, as distinct from either a purely legal or a purely technology perspective.

This event was co-organized by LSEC - Leaders In Security and B-HIVE - Eggsplore.

 

CyberSecurity in an Open Banking API and PSD2 World : Agenda

(All presentation material links will lead to the Payloadz system, requesting an "Add to Cart" of the materials, and will provide a document including all presentations and materials of the day.)



08.30u : Registration, Welcome Coffee & Networking

09.30u : Introduction & setting the scene by Ulrich Seldeslachts from LSEC & Niek De Taeye from B-HIVE

An insightful consideration on Security challenges related to Information systems of banking environments, putting in perspective overall risks and compliance, introducing PSD2 and Open API's, connecting to the agenda of the day. 

09.45u : PSD2 = Σ knowns and unknowns, by Chris Boogmans, senior Architect at Isabel 

Perspective on some of the PSD2 challenges and components, including some of the various roles, use cases and their respective challenges, how PSD2 and the subsequent RTS offer directions and raise additional concerns, and insights into the policy making process. It includes clarifications on SCA, TPP, RTS, ...

10.25u : Disruptive open banking applications challenges and opportunities, Danny Goovaerts, CTO at THE GLUE SOLUTIONS

From the perspective of a platform intending to provide a service to operators, with key consideration on why additional security measures have to be set up - up front, while many solutions today can ensure incremental security measures, facilitating transactions, 

10.45u : Keynote PSD2 & RTS recent developments and implications : Jorke Kamstra, NBB
At the National Bank of Belgium, Jorke is responsible for supervising banks and financial market infrastructures. He specializes in IT audits (including cyber security audits) and is active in the Working Groups that are discussing and formalizing the technical details and implications of the RTS (regulatory technical standards).

11.25u : Panel discussion : business opportunities & security challenges
- Chris Boogmans, senior Architect at Isabel
- Danny Goovaerts, CTO at THE GLUE SOLUTIONS
- National Bank of Belgium, Jorke Kamstra

12.35u : Lunch break & Networking


13.25 : Security Keynote 1 : trust mechanics and RTS & SCA challenges -
Secure Access means more than Strong Authentication, by Marc Vanmaele, CEO Trustbuilder & SecurIT
The use of strong authentication is deemed absolutely necessary to raise the identity assurance level in performing high-value operations or transactions. However, there are several challenges that one needs to overcome in order to effectively adopt strong authentication as a strategic, enterprise-wide security solution. Since the validation of a user’s identity is increasingly handled by third parties, this requires much more dynamic behavior and a frictionless user experience that can easily be adapted over time. In addition, it requires security measures able to deal with any set of contextual information that might influence the selection of the right authentication mechanism for a transaction. API gateways, and how they deal with API security, have been the talk of the town for the past few years. Looking at this from the perimeter angle is not enough. Security doesn’t stop at the entry point of the API provider, considering that it’s not only about talking to a single API but to an ecosystem of services that consists of potentially hundreds of APIs. Not only do we have to validate the access rights of the calling party (end-user or client), but we must also consider the delegated rights of all peers.

 

13.50 : Banking Revolution and Security Challenges caused by PSD2, by Frederik Mennes, Senior Manager Market & Security Strategy

An overall consideration whether PSD2 is justified to decrease online banking fraud and an interpretation of the RTS on SCA by different competent authorities. This includes some identified challenges for existing banks and payment services providers, a classification of different strong authentication solutions and their compliance perspectives. 

14.30 : User authentication without keys, by Amit Rahav, Secret Double Octopus (SDO)

The complexities of authentication with additional devices and keys: an insightful overview of different mechanics and their use, versus the utilization of secret sharing, and how they can be implemented today for secure authentication.

14.50 : Security panel discussion 1 : Open Banking API's, SCA, identities, authorization, authentication, federation, IDAAS and EIDAS
- JustPOM, Pieter van Geel 
- Vasco Data Security, Frederik Mennes, Senior Manager Market & Security
- Marc Vanmaele, CEO, Trustbuilder & SecurIT
- Secret Double Octopus, Amit Rahav, VP Access & Authentication (Israel)

(newly introduced panel members will be asked to give a 5-10 minute introduction on their activities and challenges related to security from a high level perspective)

 

15.10 : Security keynote 3 : Identifying & Detecting Fraud, preventing cyber security threats and advanced monitoring for compliance
Gareth Evans, Senior Fraud Prevention Consultant, BAE Systems

Security in financial services, especially from the perspective of Open Banking, is not only a matter of authentication and RTS challenges; cyber security challenges, online and inside fraud and many other considerations should be added when transforming in this direction.

 

15.40 : Coffee Break & Networking

 

16.10 : Cyber Hive, exploring cyber security within B-Hive, by Niek De Taeye, B-Hive

B-Hive has been focusing on cyber security and related challenges and considers this a major component of fintech, the domain on which B-Hive focuses, bringing together an ecosystem and supporting new developments.

16.25 : security keynote 2 : beyond PSD2 RTS & SCA and moving towards open banking
With great opportunity comes great responsibility - Operationalizing PSD2 API & Platform Banking Systems, by Rik De Deyn, Senior Director Banking, Oracle

The API and Collaborative Economy provides great opportunities, through PSD2 and beyond. With great opportunity comes great responsibility. Rik will take a look at the reality and best practices of operationalizing PSD2 API and Platform Banking systems. He will also look at characteristics of an API platform, and ways to monetize the PSD2 XS2A mandate, for banks and Fintech companies.

17.00 : security panel 3 discussion : fraud & cyber security challenges, detection, prevention, mitigation and incident management activities
- Niek De Taeye, B-Hive
- Rik De Deyn, Oracle
- Ingenico, Thierry Coopman, CTO Global Services
- BAE, Gareth Evans, Senior Fraud Prevention Consultant

18.00 : closing notes & announcements
18.10 : networking reception

Audiences - Level of Expertise
- Bank Enterprise CISOs / Security Managers
- Bank Enterprise Security Architects
- FinTech company CEO, CISO, Security Architect
- Policy Makers
- Authentication and security solution providers
- IT Audit Managers

 


 

Practical Details & Registration
Banking Revolution & Security Challenges caused by PSD2
Thursday 27 April 2017 
Area 42, Rue des Palais 46, 1030 - Brussels

Participation was free of charge. Participants interested in the handouts and presentations of the day will be charged a minor fee (121 €) to accommodate for the handling costs and taxes. 

For more information, please visit the following sources : 

Draft Regulatory Technical Standards on Strong Authentication and Secure Communication under PSD2 (Source : EBA)

9 key takeaways from the draft regulatory technical standards (Source : PaymentEye)

PSD2 : RTS (Source : Osborne Clarke)



