With the open and insecure mobile Internet, higher levels of security, other than a simple password and ID presentation, have to be introduced to limit payment fraud. PSD2 mandates Regulatory Technical Standards (RTS) on authentication and communication (Article 98): ensuring the safety of users’ funds and personal data; allowing for the development of user-friendly, accessible and innovative payments.
SWIM already complies to the PSD2 Regulatory Technical Standard requirements of Strong (2-Factor) Customer Authentication (SCA).
RTS specifies that strong customer authentication must use two of the three factors: knowledge (something only the user knows); possession (something only the user possesses); inherence (something the user is).
According to the article 97(1) of PSD2 requires that payment service providers apply strong customer authentication where the payer: accesses its payment account online; initiates an electronic payment transaction; carries out any action through a remote channel with potential fraud risk.
According to the company, the launch of SWIM solution leverages technologies to be PSD2 compliant no matter what the application, account to account faster payments, use of blockchain technology in payments, and of course HCE mobile payments.
More than that, the SWIM platform, claims the company, uses PKI (Public Key Infrastructure) security measures to protect the confidentiality and the integrity of the Payment Service Users’ (PSU) personalised security credentials as well as ensuring secure communication. Data on personalised security credentials are masked when displayed and not readable in their full extent. Personalised security credentials data as well as encryption cryptographic keys are not stored in plain text and can only be used in tamper resistant white boxed cryptographic processing environments.
Additionally, SWIM security measures prevent unauthorised use of the personalised security credentials and of the authentication devices and software due to their loss, theft or copying. SWIM ensures secure bilateral identification when communicating between user’s device and the tokenisation host; protection against misdirection of communication to unauthorised third parties; all payment transactions and other interactions with the user are traceable, with post-event audit; all communication session use unique identifiers, log transactions and are network timestamped.
HCE Service, UK and HCE Secure IT Services India deliver mobile tokenization services to the card issuing customers globally with the aim that their consumers can use SWIM secured mobile apps and contactless NFC mobile payments at Points of Sales.
Every day we send out a free e-mail with the most important headlines of the last 24 hours.
Subscribe now