PSD2 Secure Transaction Approval

Secure your banking transactions

Traditional mechanisms are now insufficient to meet today’s regulatory requirements, security and usability expectations for online transactions.

PSD2 compliance for transaction approval is possible with the OpenOTP Security Suite. Online banking and most business processes require controls and approvals, whether for a large financial transaction, a simple work expense reimbursement or a procurement approval.
In banking, these have traditionally been managed using One-Time Passwords (OTP) or PIN codes, and in business applications with simple username+password authentication.
These mechanisms are now insufficient to meet today’s regulatory requirements and security and usability expectations.

RCDevs helps you

Secure your transactions

Strong Customer Authentication
The Revised Payment Services Directive (PSD2) introduces significant new regulations for banks and financial institutions operating in Europe, particularly focusing on enhancing security and customer trust. Among these key regulations are Strong Customer Authentication (SCA) and Dynamic Linking.

Strong Customer Authentication mandates that customer authentication must be based on two or more independent elements from the following categories:

1. Knowledge: Something the user knows (e.g., a password or PIN).
2. Possession: Something the user has (e.g., a mobile device or hardware token).
3. Inherence: Something the user is (e.g., biometric data like fingerprints or facial recognition).
These elements must be independent of each other, ensuring that a compromise of one factor does not jeopardize the others. This requirement enhances security by making unauthorized access significantly more difficult.

RCDevs OpenOTP is designed to help your organization comply with PSD2 requirements, including SCA, while also improving the efficiency and user-friendliness of your business processes. Our solution ensures that your authentication mechanisms are not only compliant but also streamlined and easy for your customers to use, providing a secure and seamless experience in line with the latest regulatory standards.

Dynamic linking integrations
The Dynamic Linking requirement poses a greater challenge for currently deployed solutions. It requires that the credentials used to approve a payment can only be used to approve that specific payment, that the user is made aware of the amount and payee, and that the credentials cannot be used to approve any other or modified payment. Traditional OTP tokens cannot meet this requirement, as the OTP is in no way linked to the transaction details being approved, leaving the user and your business exposed to “man-in-the-middle” attacks. RCDevs OpenOTP allows you to meet these requirements and prevent fraudulent transactions. When approving a transaction using OpenOTP, the user can review the transaction details on their smartphone, including attached documents, and approve or reject the transaction directly. All information is protected with end-to-end encryption, and any change to the transaction will invalidate the approval.
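The difference between an unlinked OTP and a dynamically linked code, as an added example that is not RCDevs or OpenOTP code and does not describe how OpenOTP works internally. It assumes a shared device key and an HMAC computed over the payment fields; the key, field names and sample payments are constructed for illustration.

```python
import hashlib
import hmac
import struct

# Constructed demo key (assumption); a real key is provisioned to the user's device.
DEVICE_KEY = b"constructed-demo-key-not-a-real-secret"

def _truncate(digest: bytes, digits: int) -> str:
    """RFC 4226 style dynamic truncation of an HMAC digest to a decimal code."""
    offset = digest[-1] & 0x0F
    value = struct.unpack(">I", digest[offset:offset + 4])[0] & 0x7FFFFFFF
    return str(value % 10 ** digits).zfill(digits)

def plain_otp(key: bytes, counter: int) -> str:
    """Counter-based OTP: depends only on the key and a counter."""
    mac = hmac.new(key, struct.pack(">Q", counter), hashlib.sha1).digest()
    return _truncate(mac, 6)

def canonical(tx: dict) -> bytes:
    """Length-prefixed encoding so field boundaries cannot be shifted."""
    parts = [str(tx[k]).encode() for k in ("amount", "currency", "payee", "nonce")]
    return b"".join(struct.pack(">H", len(p)) + p for p in parts)

def linked_code(key: bytes, tx: dict) -> str:
    """Code computed over the amount and payee the user reviewed."""
    return _truncate(hmac.new(key, canonical(tx), hashlib.sha256).digest(), 8)

def accepts_plain(key: bytes, counter: int, code: str, tx: dict) -> bool:
    # tx is ignored: the OTP carries no information about the payment.
    return hmac.compare_digest(plain_otp(key, counter), code)

def accepts_linked(key: bytes, code: str, tx: dict) -> bool:
    # The verifier recomputes the code over the payment it is about to execute.
    return hmac.compare_digest(linked_code(key, tx), code)

# Constructed payment as shown to the user, and a copy modified in transit.
SHOWN = {"amount": "120.00", "currency": "EUR",
         "payee": "DE00EXAMPLE0001", "nonce": "tx-0001"}
ALTERED = dict(SHOWN, amount="9120.00", payee="XX00EXAMPLE9999")

if __name__ == "__main__":
    otp = plain_otp(DEVICE_KEY, 1)
    code = linked_code(DEVICE_KEY, SHOWN)
    print("plain OTP, altered payment  :", accepts_plain(DEVICE_KEY, 1, otp, ALTERED))
    print("linked code, shown payment  :", accepts_linked(DEVICE_KEY, code, SHOWN))
    print("linked code, altered payment:", accepts_linked(DEVICE_KEY, code, ALTERED))
```

The nonce field keeps two otherwise identical payments from sharing a code, so an approval cannot be reused for a second transfer to the same payee.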
Easy to use API
The OpenOTP secure transaction approval solution provides a flexible, easy-to-use API (REST+SOAP) for integrating into your existing business applications, minimizing development effort, deployment time and disruption to existing processes.

Any business that processes payments that are completed in the European Union, even if only one part of the transaction is in the European Union.

Key Features

Compliant with PSD2 SCA and Dynamic Linking requirements
One solution for multi-factor authentication and secure transaction approval
Online communication using end-to-end encryption
Offline communication using an encrypted QR code when the phone does not have a network connection

Unified IAM Federation

Native IAM Integration

OpenOTP is compatible with local directories such as Active Directory (AD) and LDAP, providing extensive support for on-premise environments. Additionally, it is natively integrated with EntraID, Okta, Google, Ping Identity, One Identity, and many other identity providers, enabling simple integration across diverse IAM systems.

Covered Transactions

Online access to payment accounts
Initiating electronic transactions
Anything done remotely which presents a risk of payment fraud
Provisioning of information through a service provider

SEEING
IS BELIEVING

Whether you are buying a car or a security solution, you always want to test drive it before signing on the dotted line. We know this and you know this.

Contact us for your Free PoC or check it out for yourself.
