Banfico

This is probably simple topic but banks have put lot of efforts into its discussion of whether SMS/OTP is RTS-SCA compliant or not. Arguments still carries on from two perspectives - authentication element (possession) & secure channel. For now EBA (5th Oct) has clarified that

Often PSD2 Implementation is focused around API Management. Identity & Access Management (IAM) is much more critical to PSD2 Implementation. Below post justifies importance to handling IAM functionalities in such regulatory program. PSD2 Implementation Two major aspects of the program are: Identity & Access Management