Keeping Fully Compliant with PSD2
ThreatMark’s solution has been developed with PSD2 in mind by security practitioners with extensive knowledge of banking systems security, and can meet the most demanding security requirements set out by the regulation.
Payment service providers are now required to perform strong customer authentication for any action connected with a payment account. The authentication shall be based on at least two elements, categorized as knowledge, possession and inherence, resulting in the generation of an authentication code.
As a result, payment service providers are now facing a dilemma between providing a secure authentication and not jeopardizing the customer’s experience.
The results can be used as an independent authentication factor categorized as inherence, without causing legitimate users any inconvenience.
However, our deep behavior profiling can address other business cases, too. For example, when some of the authentication elements get stolen via social engineering or through another application (not related to the protected application), our solution can identify anomalies in a user’s behavior and reveal that a fraudster has logged in.
Combined with evidence-based cyber threat detection capabilities, deep device profiling and transaction risk analysis, all in real or close to real time, the solution is a perfect fit for transaction and device monitoring, transaction risk analysis, and even for the multi-factor authentication requirements set out by the RTS.
Banks are required to provide a dedicated communication interface to third-party providers (TPPs), so TPPs will no longer be able to access account information by screen-scraping HTML pages with user credentials. This technique is generally regarded as less secure, and often breaches the bank’s own terms and conditions, as customers provide their login credentials to third parties. This is why PSD2 forbids it. ThreatMark’s AFS can detect any robotic access through browser identification and robot-like behavior, such as unusual use of mouse and keyboard, the speed of navigation between pages and so on. Our solution can therefore inform banks of unauthorized scraping access and keep them compliant.