Under the second EU Payment Services Directive (PSD2) and the UK’s Open Banking Regulation, banks are required to allow third parties with the appropriate payment services permissions to access their customer payment accounts and prevent access for organisations without these permissions. If banks fail to

On November 29, 2021, the Financial Conduct Authority (FCA) published a Policy Statement on “Changes to the SCA-RTS and to the guidance in ‘Payment Services and Electronic Money’”, which provides information on the use of a Modified Customer Interface (MCI) following industry consultations.  MCI Cannot Be

In the two years since open banking was approved by Brazil’s Central Bank, there has been a great deal of progress, despite a few set backs. Here, we look at how CIP, in partnership with Banfico, is helping spearhead the change. Originally due to be

Strong Customer Authentication (SCA) is a key part of the Second Payment Services Directive (PSD2) and a vital measure to counteract the rise in online fraud. As the new security framework for digital payments, SCA has been a long time coming – and now the

The growth of online banking and payments has seen a corresponding rise in fraud. Scammers have become increasingly adept at exploiting vulnerabilities in digital transactions, and one of the most alarming trends over the past decade has been the increase in Authorized Push Payment (APP)

As financial technology improves rapidly, it brings with it increasingly sophisticated forms of fraud. Malicious actors regularly target financial firms, and over the past decade the UK has witnessed the rise of a certain w form of fraud n. Its name is Authorised push payment

What is the future of TPP certificates after Brexit? The announced in July this year that eIDAS certificates of UK Third-Party Providers (TPP) will be revoked by 31 Dec 2020. Therefore, FCA had to intervene to limit the risk of disruption to open banking services

eIDAS & ETSI TS 119 495 Standard & PSD2 RTS The eIDAS Regulation is Regulation (EU) 910/2014 on electronic identification and trust services for electronic transactions in the internal market. The Regulation applies from 1 July 2016 for most part of its articles. The Directive

This is probably simple topic but banks have put lot of efforts into its discussion of whether SMS/OTP is RTS-SCA compliant or not. Arguments still carries on from two perspectives - authentication element (possession) & secure channel. For now EBA (5th Oct) has clarified that

Often PSD2 Implementation is focused around API Management. Identity & Access Management (IAM) is much more critical to PSD2 Implementation. Below post justifies importance to handling IAM functionalities in such regulatory program. PSD2 Implementation Two major aspects of the program are: Identity & Access Management