Authentication

PSD2 and the E-Commerce Ecosystem

Authored by Ian Newns. The European Banking Authority recently drafted the latest Directive on Payment Services II (PSD2), which serves as the legal foundation for a cross-EU payments market. In 2016, European e-commerce sales are expected to increase 17% to €183 billion and the use of payment service providers (PSPs) is increasing significantly. Couple this with…

3D Secure 2.0 – The New Sheriff in Town

EMVCo, the global standards body tasked with developing the technical standards for payments technologies, last week announced the availability of 3D Secure 2.0. Collectively, we at RSA congratulate EMVCo on this eagerly anticipated release. As an EMVCo Technical Associate, we were privileged to contribute to the development of the specifications and truly believe that the…

Six Steps For Cybercrime Survival

While recently cleaning my grandfather’s attic, I came across an old Federal Civil Defense Administration brochure titled “Six Steps to Survival – If an enemy attacked today would you know what to do?”  In our modern times, many of us are being attacked on a daily basis by cybercriminals. As such, do you know what…

Your Step-Up Authentication Compass… NIST & SMS – Finding North – Part 2

Authored by Greg Dicovitsky, Principal Solutions Architect, RSA. In its recent solicitation for comment regarding its latest recommendation, the National Institute of Standards and Technology (NIST) has informed the public of its intent to eventually discontinue recommending the use of Out-of-Band (OOB) Short Message Service (SMS) technologies to support the authentication of e-Commerce applications. [1]…

The Value of Transaction Risk Analysis for Consumer Authentication

The recent consultation paper set forth by the European Banking Association (EBA) surrounding the call for comments on the regulatory technical requirements for strong customer authentication under PSD2 has created a buzz.  In particular, while the EBA recognizes the “merit” of transaction risk analysis, it has called into question the ability to allow it “as…

A New Generation of Hackers Target the Gaming Industry

Hackers love a crowd. That’s true when it comes to social media networks, government system websites, financial institutions, retailers, and, based on recent headlines, gaming sites.  For an industry projected to be worth nearly $100 billion in 2016, gaming offers a lucrative industry for cybercriminals.  Last year, gaming accounted for 1 in every 50 e-commerce fraud transactions,…

Consumer Security vs. User Experience in a Mobile World

Most people have had to go through the slow, and sometimes frustrating, process of standing in an airport security line at least once in their life. While not convenient for frequent flyers, we understand that although it is time consuming, it is vital to ensure security for people’s lives. However, this is not how customers…

MySpace and Tumblr Breaches Put Other Consumer Brands on Alert

With the unveiling of two more “mega breaches” this morning, the headlines and news cycles are clamoring for continued updates.  The more serious of the two involved the breach at MySpace with 427 million email addresses and linked passwords stolen.  The other involved 65 million unique emails and passwords stolen from the popular site, Tumblr. …

New PCI Multifactor Authentication Rules: Is it Too Late?

The PCI Security Council just extended its requirements for multi-factor authentication to anyone who has access to credit card data. These requirements, which come on the heels of the European Parliament adopting its revised Directive on Payment Services (PSD2) late last year, require strong authentication for all Internet transactions. PSD2 also introduces strict security requirements…

Continuous Identity Assurance Allows You To Step Away

Have you ever wondered how applications know if “it’s still you” 10 minutes after you log in to the app? Suppose you have to join a conference call, leave for a meeting, or take a bio break. As far as the app is concerned, since you haven’t performed any activity for a given period…