On 16 March 2017, BaFin – Germany’s financial regulator – held its fourth information meeting on the supervision of IT for banks with roughly 500 attendees. The press and media coverage (FAZ, Handelsblatt, Börsenzeitung) placed emphasis on the vulnerability of bank IT systems to attacks and the need for them to improve their IT security, whereas BaFin and the Bundesbank announced important details regarding future supervision and monitoring of bank IT, with keynote presentations on BAIT (supervisory requirements for bank IT), monitoring of IT matters in practice by banking regulators, and the implementation of the IT Security Act by means of the Federal Office for Information Security Act (BSI) and the Payment Service Directive (PSD) II.

In August 2016, the EBA published the draft RTS for consultation, and spelled out the details in a public hearing on 23 September 2016, especially regarding the points on “Use of strong customer authentication for account access (one-month discussion)” and “Using a risk-based approach as a replacement for the second factor”. On 23 February 2017, after taking account of 224 comments received back from the market, the EBA published the final version of the RTS.

According to Article 96 of Payment Service Directive (PSD) II, payment service providers have until 13th January 2018 to implement a reporting system for major operational and security incidents relating to cash-free transactions. The EBA proposes a classification scheme with four quantitative criteria and three qualitative ones to decide whether an incident needs to be reported.

The continued advance of digital technology has seen the automobile grow as a product from simply being a machine intended to move people from place to place, into a networked vehicle for services associated with mobility. Where the “car”, as a product, used to be the determining factor in value creation, it is now not enough on its own to ensure optimized value creation. The term “connected car” is now a synonym for modern automotive mobility, implying communication between the conveyance and its environment, as well as from vehicle to vehicle. As a result, there are now interfaces with related services such as billing, optimization or linked mobility options. Ongoing competition between providers as automated driving approaches means there is ever greater relevance for comprehensive vehicle networking, because greater availability of data has the potential to have a positive effect on functionality and rule compliance of automated systems.

The situation in the banking sector is still tense, and is becoming ever more so as a result of increasing regulation. In order to make use of regulatory compliance as a driver for innovation, the use of state-of-the-art technologies and agile approaches is just as important for success as a greater focus on IT know-how within the banks’ management hierarchy. These are the findings of a recent study carried out by COREinstitute, Berlin.

The EBA public hearing on Regulatory Technical Standards, specifying the requirements on strong customer authentication and common secure communication under PSD II, took place on September 23. The public hearing is an integral part of the consultation phase and regularly provides a summary of the initial consultation phase, as well as an insight into how the RTS are likely to shape up. Starting with the main points of development concerning RTS, which are reflected in the Consultation Paper [compare “Customer Authentication for Cashless Transactions: Impacts of the New RTS (Regulatory Technical Standards) under PSD II” post], the major points of discussion during the hearing are detailed below.

The regulator is urging various initiatives under which financial institutions give third parties access to data and information whose seclusion is not justified. Details of this market opening in the financial industry, fostered by the Payment Service Directive PSD II, have been specified in two major points recently published as “RTS” (Regulatory Technical Standards) by the EBA: strong customer authentication and secure communication for electronic payment services. These regulations have major consequences for the current standards and established processes for cashless transactions.

Biometrics is the analysis and measurement of living creatures and their characteristics. The aim of biometrics is the automated measurement of a person’s individual physiological or unique behavioral characteristics, so that, for the purpose of identification or verification, that person can be distinguished from other people.

If we consider that 40 percent of global value creation is already based on information and communications technology, it is clear that secure and sound IT infrastructures will be an important factor in selecting a business location in the future. With Germany’s cyber security strategy, the German government is pursuing the goal of guaranteeing cyber security at the highest level, establishing Germany as one of the most secure digital locations in the world.
