PSD2
Secure Transaction Approval

Secure your banking transactions

Traditional mechanisms are now insufficient to meet today’s regulatory requirements, security and usability expectations for online transactions.

Free PoC

PSD2 Compliance with transaction approval is possible with OpenOTP Security suite. Online banking and most business processes require controls and approvals. It could be for a large financial transaction, a simple work expense reimbursement or procurement approval.
In banking, these have been traditionally managed using One-Time Passwords (OTP) or PIN codes and in business applications with simple username+password authentication.
These mechanisms are now insufficient to meet today’s regulatory requirements, security and usability expectations.

RCDevs helps you

Secure your transactions

Solution

The Revised Payment Services Directive (PSD2) introduces significant new regulations for banks and financial institutions operating in Europe, particularly focusing on enhancing security and customer trust. Among these key regulations are Strong Customer Authentication (SCA) and Dynamic Linking.

Strong Customer Authentication mandates that customer authentication must be based on two or more independent elements from the following categories:

1. Knowledge: Something the user knows (e.g., a password or PIN).
2. Possession: Something the user has (e.g., a mobile device or hardware token).
3. Inherence: Something the user is (e.g., biometric data like fingerprints or facial recognition).
These elements must be independent of each other, ensuring that a compromise of one factor does not jeopardize the others. This requirement enhances security by making unauthorized access significantly more difficult.

RCDevs OpenOTP is designed to help your organization comply with PSD2 requirements, including SCA, while also improving the efficiency and user-friendliness of your business processes. Our solution ensures that your authentication mechanisms are not only compliant but also streamlined and easy for your customers to use, providing a secure and seamless experience in line with the latest regulatory standards.

Benefits

Dynamic linking integrations

Dynamic Linking requirement poses a greater challenge for currently deployed solutions. It requires that the credentials used to approve a payment can only be used to approve the specific payment, that the user is made aware of the amount and payee and that the credentials cannot be used to approve any other or modified payment. Traditional OTP tokens cannot meet this requirement, as the OTP is in no way linked to the transaction details being approved, leaving the user and your business exposed to “man in the middle” attacks. RCDevs OpenOTP allows you to meet these requirements and prevent fraudulent transactions. When approving a transaction using OpenOTP, the user can review the transaction details on their smartphone, including attached documents, and approve or reject the transaction directly. All information is protected with end-to-end encryption and any change to the transaction will invalidate the approval.

Easy to use API

OpenOTP secure transaction approval solution can be easily integrated into existing applications with a flexible and easy-to-use API. OpenOTP provides easy to use API (REST+SOAP) for integrating into your existing business application, minimizing development effort, deployment time and disruption to existing processes. Any business that processes payments that are completed in the European Union, even if only one part of the transaction is in the European Union.

Features

Key Features

Compliant with PSD2 SCA and Dynamic linking requirements

One solution for multi-factor authentication and secure transaction approval

Online communication using end to end encryption

Offline communication using encrypted QR code when the phone does not have a network connection

Unified IAM Federation

Native IAM Integration

OpenOTP is compatible with local directories such as Active Directory (AD) and LDAP, providing extensive support for on-premise environments. Additionally, it is natively integrated with EntraID, Okta, Google, Ping Identity, One Identity, and many other identity providers, enabling simple integration across diverse IAM systems.

Covered Transactions

Online access to payment accounts

Initiating electronic transactions

Anything done remotely which presents a risk of payment fraud

Provisioning of information through a service provider

Choose the method that best suits you

Authentication Methods

Strong Authentication login technologies supported by OpenOTP Security Suite

SEEING
IS BELIEVING

Whether you are buying a car or a security solution, you always want to test drive it before signing on the dotted line. We know this and you know this.

Free PoC

Try Us

WORKFORCE ACCESS & ZERO TRUST

ADVANCED NAC

PRIVILEGED ACCESS

Conditional Access

IAM & FEDERATION

OpenID Connect & SAML2

Secure Transactions

Time-Clock System

MSSP & Multi-Tenant

NIS2 Compliance

Cloud / On-Prem

OpenOTP Security Suite

Spankey / SSH-PAM

Authenticators