PSD2 Secure Transaction Approval

Secure Transaction Approval

Secure your banking transactions

Traditional mechanisms are now insufficient to meet today’s regulatory requirements, security and usability expectations for online transactions.

PSD2 Compliance with transaction approval is possible with OpenOTP Security suite. Online banking and most business processes require controls and approvals. It could be for a large financial transaction, a simple work expense reimbursement or procurement approval.
In banking, these have been traditionally managed using One-Time Passwords (OTP) or PIN codes and in business applications with simple username+password authentication.
These mechanisms are now insufficient to meet today’s regulatory requirements, security and usability expectations.

RCDevs helps you

Secure your transactions

strong customer authentication
PSD2 introduces new regulations to banks operating in Europe: Strong Customer Authentication (SCA) and Dynamic Linking.

Strong customer authentication entails an authentication based on two or more elements categorized as:

1. Knowledge: something you know
2. Possession: something you have
3. Inherence: something you are

They must be independent of each other, meaning that acquiring one factor does not compromise the other. RCDevs OpenOTP helps you meet the PSD2 requirements whilst making your business processes more efficient and user-friendly.

Dynamic linking integrations
Dynamic Linking requirement poses a greater challenge for currently deployed solutions. It requires that the credentials used to approve a payment can only be used to approve the specific payment, that the user is made aware of the amount and payee and that the credentials cannot be used to approve any other or modified payment. Traditional OTP tokens cannot meet this requirement, as the OTP is in no way linked to the transaction details being approved, leaving the user and your business exposed to “man in the middle” attacks. RCDevs OpenOTP allows you to meet these requirements and prevent fraudulent transactions. When approving a transaction using OpenOTP, the user can review the transaction details on their smartphone, including attached documents, and approve or reject the transaction directly. All information is protected with end-to-end encryption and any change to the transaction will invalidate the approval.
Easy to use API
OpenOTP secure transaction approval solution can be easily integrated into existing applications with a flexible and easy-to-use API. OpenOTP provides easy to use API (REST+SOAP) for integrating into your existing business application, minimizing development effort, deployment time and disruption to existing processes. Any business that processes payments that are completed in the European Union, even if only one part of the transaction is in the European Union.

Key Features

Compliant with PSD2 SCA and Dynamic linking requirements
One solution for multi-factor authentication and secure transaction approval
Online communication using end to end encryption
Offline communication using encrypted QR code when the phone does not have a network connection

Covered Transactions

Online access to payment accounts
Initiating electronic transactions
Anything done remotely which presents a risk of payment fraud
Provisioning of information through a service provider