KuppingerCole Report
Whitepaper
By Richard Hill

ForgeRock Identity Platform for PSD2 & API Security

The Revised Payment Service Directive (PSD2) promises to make European Union (EU) cross-border transactions more transparent, faster and more secure while increasing competition and choice for consumers. To do so, banks and other financial service providers must quickly make the necessary technical infrastructure changes to prepare for PSD2. The ForgeRock Identity Platform provides the security features and supports the open standards needed to deliver the secure APIs required for PSD2.

1 Executive Summary

Just as Automated Teller Machines (ATM) changed the way customers interact with their banking institutions, eliminating the need to wait in line to ta ...


2 Highlights

  • EU PSD2 took effect in January 2018. The Regulatory Technical Specifications (RTS) govern the implementation of Strong Customer Authentication (SCA ...

3 PSD2, UK Open Banking and Berlin Group NextGenPSD2

How the EU will interact with financial services and make payments is changing dramatically for the better through more secure and transparent transac ...


3.1 PSD2

The Second Payment Services Directive (PSD2) is the EU Directive 2015/2366/EU, which has been in the works for a number of years and amends and succeeds ...


3.2 PSD2 Secure Communications

Banks and other account holding institutions will have to expose APIs for TPPs (AISP and PISP) to utilize. AISPs will need to read account informatio ...


3.3 UK Open Banking

In the UK, Open Banking was created to address the problem in which older, more established banks lacked incentives to compete for customers and newer ...


3.4 Berlin Group NextGenPSD2

As mentioned above, PSD2 does not dictate which technologies to use or what an API should look like. This could lead to complexity in differences betw ...


4 PSD2 RTS architecture technical capabilities

Banks and TPPs should begin deploying their PSD2 solution architecture as soon as possible, in order to comply with PSD2. This will most certainly mea ...


4.1 Secure Communications

Banks have to provide secure APIs for TPPs and other banks to use, which will require banks to do most of the heavy lifting. Almost invariably, banks ...


5 ForgeRock Identity Platform as a foundation for PSD2-compliant architectures

A foundation to build compliant architectures will be needed to meet the different API facet requirements to support EU banks and TPPs.

Any Account ...


5.1 ForgeRock Identity Platform Overview

In general, there are two main common services in the ForgeRock Identity Platform. First is what ForgeRock calls the “common platform”, which prov ...


5.2 ForgeRock support for PSD2

At a minimum, banking entities must comply with some core technical requirements, which include strong customer authentication (SCA), secure APIs, and ...


5.3 ForgeRock support for NextGenPSD2

The Berlin Group NextGenPSD2 is working to standardize the PSD2 Access to Account (XS2A) APIs making it easier for TPPs to access customer bank accoun ...


5.4 ForgeRock support for UK Open Banking

The UK's Open Banking standard has called out OAuth2 and OIDC as the preferred standard for API security. ForgeRock supports both of these open standa ...


6 Summary and Recommendations

The deadlines for PSD2 are quickly approaching. Technology insertions will most certainly be necessary for banks and TPPs to put the RTS requirements ...


Copyright

©2019 KuppingerCole Analysts AG all rights reserved. Reproduction and distribution of this publication in any form is forbidden unless prior written permission. All conclusions, recommendations and predictions in this document represent KuppingerCole's initial view. Through gathering more information and performing deep analysis, positions presented in this document will be subject to refinements or even major changes. KuppingerCole disclaim all warranties as to the completeness, accuracy and/or adequacy of this information. Even if KuppingerCole research documents may discuss legal issues related to information security and technology, KuppingerCole do not provide any legal services or advice and its publications shall not be used as such. KuppingerCole shall have no liability for errors or inadequacies in the information contained in this document. Any opinion expressed may be subject to change without notice. All product and company names are trademarks™ or registered® trademarks of their respective holders. Use of them does not imply any affiliation with or endorsement by them.

KuppingerCole Analysts support IT professionals with outstanding expertise in defining IT strategies and in relevant decision-making processes. As a leading analyst company, KuppingerCole provides first-hand vendor-neutral information. Our services allow you to feel comfortable and secure in taking decisions essential to your business.

KuppingerCole Analysts, founded in 2004, is a global analyst company headquartered in Europe focusing on Information Security and Identity and Access Management (IAM). KuppingerCole stands for expertise, thought leadership, outstanding practical relevance, and a vendor-neutral view on the information security market segments, covering all relevant aspects like: Identity and Access Management (IAM), Governance & Auditing Tools, Cloud and Virtualization Security, Information Protection, Mobile as well as Software Security, System and Network Security, Security Monitoring, Analytics & Reporting, Governance, and Organization & Policies.

For further information, please contact clients@kuppingercole.com.
