What is 'strong authentication' in PSD2
The phrase 'strong authentication' is in danger of becoming a catch-phrase, which is not well understood. When is ‘strong’ strong enough? And when is it not so strong? In what situations must authentication be 'strong' and when not? What exactly are the requirements of the European Banking Authority's technical guidelines? And what are the legal implications?
The requirements of PSD2 will include concepts of openness, agility and customer choice and also, critically, will demand a level of security beyond that currently in place.
The directive demands that 'I know you and you know me' before and during our transaction - without compromise. In short, more openness + consumer control = higher risk.
This session will educate and inform on what this means, what the pitfalls might be and where in UK law we can find precedents showing how this has been done before. Our speakers for this event, who are the top experts in this field, will give the audience an opportunity to question and clarify exactly what ‘strong authentication’ is and how it can be achieved.
- Purpose of the session
- What is a 'trusted identity'
2. What is strong authentication – the key measurements on creating trust in the PSD2 context
• Gary Munro, Consult Hyperion
3. The pitfalls of two-factor authentication
- Neil Warburton, IBM
4. From legislation to product – creating a standard for strong authentication
- Dr Chris Edwards, Intercede
5. 9 key takeaways from PSD2 draft regulatory technical standards
- Tom Hay, Head of Payments, Icon Solutions
6. Knowing me, knowing whom you’re paying
- Jonathan Williams, Head of Strategy and Product, Experian Identity and Fraud
7. Wrap-up - Conclusions