Contenu connexe Similaire à Are You Ready for PSD2? (20) Are You Ready for PSD2?1. NEW THREATS FROM NEW
REGULATIONS COULD
IMPACT YOUR FIRM
CYBER
READY?
ARE YOU
FINANCIAL SERVICES
TECHNOLOGY ADVISORY
2. THE CHANGING
CYBER ATTACK
LANDSCAPE
Fake Banking Apps
Mobile Banking Malware
Ransomware
Mobile Trojans
Classical Trojans
Banking Malware
AND NOW
THERE’S PSD2…
Cyber attacks are on
the rise and becoming
more sophisticated
Copyright © 2017 Accenture. All rights reserved. 2
3. A new regulatory requirement
for banks operating within
the European Union (EU).
(revised/second payment service directive)
WHAT IT IS
Requires banks to open
application programming
interfaces (APIs) and allow all
payment service providers (PSPs)
to access customer information
and initiate transactions.
WHAT IT DOES
Copyright © 2017 Accenture. All rights reserved. 3
5. POTENTIAL NEW
RISKS FROM PSD2
Copyright © 2017 Accenture. All rights reserved. 5
The number of PSPs with criminal
intent could rise, further exacerbating
banking cyber security challenges
and increasing costs.
The number of fake multi-banking
apps could grow exponentially,
leading to customer identity theft
and data breaches.
MULTI-
BANKING
MALWARE
MORE
MALICIOUS
PSPS
6. POTENTIAL NEW
RISKS FROM PSD2
Copyright © 2017 Accenture. All rights reserved. 6
Cyber attacks against PSPs could
result in denials of service to banks,
arising from hacked PSP servers.
Failure by PSPs to appropriately
protect their security certificates
(e-Seals) could create opportunities
for cyber criminals to steal them
and access the bank’s APIs for
criminal intent.
STOLEN
CERTIFICATE
MISUSE
ATTACKS
AGAINST
PSPS
7. THINGS
YOU
SHOULD
DO!
Deeply embed security protection into APIs
through the following measures:
Do not allow your core
banking system to be
directly accessible
through the internet
THEN…
1 2 3Maintain a high
logging level
Restrict access to
APIs through validated
certificates (e-Seals)
Copyright © 2017 Accenture. All rights reserved. 7
8. FURTHER PROTECT
YOUR BANK
Implementing screen scraping protections
Closely monitoring PSP activity to detect
anomalies that point to fraud
Strengthening security authentication to
discourage and curtail unauthorized payments
Establishing a high level of protection against
Distributed Denial-of-Service (DDoS) attacks
Strongly controlling access to certificate-
based APIs
Locking out unauthorized banking software
Copyright © 2017 Accenture. All rights reserved. 8
9. HOW ACCENTURE
CAN HELP
Establishing new
open APIs as well
as the security
measures to protect
them can be a big
challenge. We help
banks prepare for
and respond to this
challenge by:
Analyzing and assessing
current applications and
cyber defense capabilities
Conducting readiness
checks against the new
API requirements
Supporting the design
of new open APIs
Developing new security
and cyber defense
capabilities and
mechanisms
Integrating new cyber
defense mechanisms
and APIs into your
existing infrastructure
Copyright © 2017 Accenture. All rights reserved. 9
10. OR…
Accenture also offers
A partially outsourced and
cost-effective cyber defense
solution tailored to your needs.
AS A SERVICE
Copyright © 2017 Accenture. All rights reserved. 10
12. ABOUT ACCENTURE
Accenture is a leading global professional
services company, providing a broad range of
services and solutions in strategy, consulting,
digital, technology and operations. Combining
unmatched experience and specialized skills
across more than 40 industries and all business
functions—underpinned by the world’s largest
delivery network—Accenture works at the
intersection of business and technology to help
clients improve their performance and create
sustainable value for their stakeholders. With
approximately 425,000 people serving clients
in more than 120 countries, Accenture drives
innovation to improve the way the world works
and lives. Visit us at www.accenture.com
DISCLAIMER
This presentation is intended for general informational purposes only and does not take into account the reader’s specific
circumstances, and may not reflect the most current developments. Accenture disclaims, to the fullest extent permitted
by applicable law, any and all liability for the accuracy and completeness of the information in this presentation and for
any acts or omissions made based on such information. Accenture does not provide legal, regulatory, audit, or tax
advice. Readers are responsible for obtaining such advice from their own legal counsel or other licensed professionals.
Copyright © 2017 Accenture
All rights reserved.
Accenture, its logo, and
High Performance Delivered
are trademarks of Accenture.