ForgeRock Identity Platform capabilities for Authentication under PSD2
Commissioned by ForgeRock
1 Executive Summary
In the European Union, the Revised Payment Services Directive (PSD2) will radically alter the financial services landscape. It has already begun to cr ...
Login Get full Access2 Highlights
- EU PSD2 took effect in January 2018. The Regulatory Technical Specifications (RTS) govern the implementation of Strong Customer Authentication (SCA ...
3 PSD2: The background and Regulatory Technical Specifications
PSD2 will revolutionize payments and financial services across the EU. PSD2 aims to foster competition in the financial sector, increase transactional ...
Login Get full Access3.1 Background and goals of PSD2
The original PSD helped establish the Single Euro Payments Area (SEPA), facilitated cross-border payments, cut fees and increased choices for consumer ...
Login Get full Access3.2 Strong Customer Authentication
Clients of financial services must use strong authentication methods to access financial resources. As written, PSD2 defines strong authentication in ...
Login Get full Access3.3 Market changes and risks
Banks will still hold money and make loans, but new companies are emerging that will also provide services to handle account aggregation and payment m ...
Login Get full Access4 Technical capabilites for PSD2 RTS architecture
Complying with PSD2’s regulatory technical specifications almost certainly means building new capabilities, functions, and features. Correspondingly ...
Login Get full Access4.1 SCA and Transaction Risk Analysis
Many CIAM and IAM solutions on the market today support the concept of SCA. Companies that have to comply with PSD2’s SCA provisions must decide whe ...
Login Get full Access4.2 CIAM
In order to offer SCA, a proper Identity and Access Management (IAM) solution is needed. Traditional IAM systems are designed to provision, authentica ...
Login Get full Access5 What you need from IAM systems for PSD2
In chapter 4 we see that, at a high level, banks and financial institutions need CIAM solutions with risk adaptive authentication mechanisms to achiev ...
Login Get full Access6 ForgeRock Identity Platform as a foundation for PSD2 compliant architectures
ForgeRock Identity Platform can provide CIAM, SCA, and risk-adaptive multi-factor authentication functionality that directly address the technical req ...
Login Get full Access6.1 ForgeRock Intelligent Authentication for SCA and transactional risk analysis
ForgeRock Access Management, as a component of the ForgeRock Identity Platform, performs the authentication and authorization functions. It supports m ...
Login Get full Access6.2 ForgeRock IDM for CIAM
ForgeRock’s Identity Management module provides a rich set of features for CIAM. Users can self-register and manage their accounts, including consen ...
Login Get full Access7 Recommendations
PSD2 is fast approaching, and the RTS will require major technology insertions for many banks and TPPs. IAM/CIAM infrastructure may need to be upgrade ...
Login Get full Access7.1 Recommendations for conducting a PSD2 Readiness Assessment
- Inventory existing IAM and risk management infrastructure: Can it offer strong customer authentication? Does it have sufficiently advanced risk anal ...
7.2 Recommendations for meeting PSD2's SCA Requirements
- Utilize risk adaptive authentication for transactions that fall under the purview of SCA. Use ongoing transactional risk analysis to reduce the need ...
8 Related Research
Leadership Compass: Access Management and Federation - 71102
Endnotes
- http://eur-lex.europa.eu/legal-content/EN/TXT/?uri=CELEX:32015L2366
- http://eur-lex.europa.eu/legal-content/EN/ALL/?uri=CELEX:32007L0064
- http://europa.eu/rapid/press-release_MEMO-15-5793_en.htm?locale=en
- https://www.eba.europa.eu/documents/10180/1901998/Final+Guidelines+on+PII+under+PSD2+%28EBA-GL-2017-08%29.pdf/6411f24d-e430-4e05-ab03-1393a3f865cb