KuppingerCole Report
Whitepaper
By Richard Hill

Overcoming PSD2 Challenges with Onegini Connect

Many changes are coming to Europe's financial landscape due to the Revised Payment Service Directive (PSD2). PSD2 will present new challenges to overcome, as well as potential benefits for Third Party Providers (TPPs) and consumers. Account Information Service Providers (AISP) and Payment Initiation Service Providers (PISP) functions have historically been performed by banks; competition in the financial sector will emerge from non-traditional, non-banking types of businesses. Onegini Connect provides the foundational technical capabilities needed to meet the PSD2 challenges while giving banks and TPPs an edge.
By
rh@kuppingercole.com

Content of Figures

  1. Figure 1

1 Executive Summary

In the European Union, the Revised Payment Services Directive (PSD2) will radically alter the financial services landscape. It has already begun to c ...

Login Free 30-day Select Access Get full Access

2 Highlights

  • EU PSD2 took effect in January 2018. The Regulatory Technical Specifications (RTS) govern the implementation of Strong Customer Authentication (SCA ...
Login Free 30-day Select Access Get full Access

3 PSD2 background and Regulatory Technical Specifications

PSD2 will revolutionize payments and financial services across the EU. PSD2 aims to foster competition in the financial sector, increase transactional ...

Login Free 30-day Select Access Get full Access

3.1 Background and goals of PSD2

The original PSD helped establish the Single Euro Payments Area (SEPA), facilitated cross-border payments, cut fees and increased choices for consumer ...

Login Free 30-day Select Access Get full Access

3.2 Strong Customer Authentication

Clients of financial services must use strong authentication methods to access financial resources. As written, PSD2 defines strong authentication in ...

Login Free 30-day Select Access Get full Access

3.3 Secure Communications

Banks and other account holding institutions must expose APIs for TPPs (AISP and PISP) to utilize. AISPs will need to read account information from m ...

Login Free 30-day Select Access Get full Access

3.4 Market changes and risks

Banks will still hold money and make loans, but new companies are emerging to handle account aggregation and payment management. While banks will sti ...

Login Free 30-day Select Access Get full Access

4 Technical capabilities for PSD2 RTS architecture

Complying with PSD2’s regulatory technical specifications almost certainly means building new capabilities, functions, and features. Correspondingly ...

Login Free 30-day Select Access Get full Access

4.1 CIAM

In order to offer SCA, an Identity and Access Management (IAM) solution is needed. Traditional IAM systems are designed to provision, authenticate, au ...

Login Free 30-day Select Access Get full Access

4.2 SCA

Many CIAM and IAM solutions on the market today support the concept of SCA. Companies that have to comply with PSD2’s SCA provisions must decide whe ...

Login Free 30-day Select Access Get full Access

4.3 Transactional Risk Analysis

PSD2 states that banks and/or TPPs can obviate the need to elicit an SCA event for every transaction if transactional risk analysis is performed inste ...

Login Free 30-day Select Access Get full Access

5 What you need from CIAM solutions for PSD2 compliance

In chapter 4 we see that, at a high level, banks and financial institutions need CIAM solutions with risk adaptive authentication mechanisms to achiev ...

Login Free 30-day Select Access Get full Access

6 The Onegini Connect Approach to PSD2

Onegini Connect is a PSD2 ready platform that provides both Consumer Identity Management and Mobile Security capabilities; supporting on-premises or i ...

Login Free 30-day Select Access Get full Access

6.1 Strong Authentication

One of the key PSD2 requirements for TPPs is to ensure strong authentication for their customers, as noted above. Onegini Connect platform provides a ...

Login Free 30-day Select Access Get full Access

6.2 Mobile Application SDKs

Using a PSD2 ready security platform adds value through speed in development by allowing the TPP to focus on its customer needs while Onegini provides ...

Login Free 30-day Select Access Get full Access

6.3 User Experience

A good user experience is critical to financial customers and bad user experiences can drive customers to competing solutions. A goal in creating a gr ...

Login Free 30-day Select Access Get full Access

6.4 Fraud Detection and Monitoring

Know Your Customer (KYC) and Anti-Money Laundering (AML) initiatives, particularly in the financial and insurance sectors, are business drivers motiva ...

Login Free 30-day Select Access Get full Access

6.5 TPP Customer Case Study: Bizcuit

Bizcuit is an app that helps SME businesses to go fully digital. Business users can perform many of their daily tasks in the app, while backend system ...

Bizcuit already offers the ability to pay outstanding invoices directly from the administration with various banks. This solution is unique in The Net ...

Login Free 30-day Select Access Get full Access

7 Summary and Recommendations

PSD2 is fast approaching, and the RTS will require major technology insertions for many banks and TPPs. IAM/CIAM infrastructure may need to be upgrade ...

Login Free 30-day Select Access Get full Access

Copyright

©2019 KuppingerCole Analysts AG all rights reserved. Reproduction and distribution of this publication in any form is forbidden unless prior written permission. All conclusions, recommendations and predictions in this document represent KuppingerCole´s initial view. Through gathering more information and performing deep analysis, positions presented in this document will be subject to refinements or even major changes. KuppingerCole disclaim all warranties as to the completeness, accuracy and/or adequacy of this information. Even if KuppingerCole research documents may discuss legal issues related to information security and technology, KuppingerCole do not provide any legal services or advice and its publications shall not be used as such. KuppingerCole shall have no liability for errors or inadequacies in the information contained in this document. Any opinion expressed may be subject to change without notice. All product and company names are trademarksTM or registered® trademarks of their respective holders. Use of them does not imply any affiliation with or endorsement by them.

KuppingerCole Analysts support IT professionals with outstanding expertise in defining IT strategies and in relevant decision-making processes. As a leading analyst ompany, KuppingerCole provides first-hand vendor-neutral information. Our services allow you to feel comfortable and secure in taking decisions essential to your business.

KuppingerCole Analysts, founded in 2004, is a global analyst company headquartered in Europe focusing on Information Security and Identity and Access Management (IAM). KuppingerCole stands for expertise, thought leadership, outstanding practical relevance, and a vendor-neutral view on the information security market segments, covering all relevant aspects like: Identity and Access Management (IAM), Governance & Auditing Tools, Cloud and Virtualization Security, Information Protection, Mobile as well as Software Security, System and Network Security, Security Monitoring, Analytics & Reporting, Governance, and Organization & Policies.

For further information, please contact clients@kuppingercole.com.

top