Banking Revolution & Security Challenges caused by PSD2




On April 27th 2017, LSEC, in collaboration with Eggsplore (B-Hive), organizes a specialized event for Fintech and cyber security / transactional security specialists, on the verge of the RTS (Regulatory Technical Standards on Strong Customer Authentication and Common and Secure Communication) under PSD2 (Directive 2015/2366). The aim of this event is to jointly explore innovation, interests and opportunities for ICT security experts and financial services experts.

Third party access to accounts (XS2A), the use of APIs to connect merchant and bank directly, and the ability to consolidate account information in 1 portal managed by new providers (not necessarily banks!): the updated Payment Service Directive (PSD2) will undoubtedly disrupt payment services in Europe.

On 12 January 2016, the revised Payment Services Directive (EU) 2015/2366 entered into force in the European Union, and will apply from 13 January 2018. The PSD2 aims in particular at ensuring that all payment services offered electronically are carried out in a secure manner, adopting technologies able to guarantee the safe authentication of the user and to reduce, to the maximum extent possible, the risk of fraud. To that end, Article 98 foresees that EBA shall develop, in close cooperation with the ECB, draft Regulatory Technical Standards specifying the requirements of the strong customer authentication (SCA), the exemptions from the application of strong customer authentication, the requirements with which security measures have to comply in order to protect the confidentiality and the integrity of the payment service users’ (PSU) personalised security credentials, and the requirements for common and secure open standards of communication between account servicing payment service providers (ASPSP), Payment Initiation Services (PIS) providers, Account Information Services (AIS) providers, payers, payees and other payment service providers.

The Challenge and Threat to Some, the Opportunity and Potential for Others
Banks will no longer be competing only against banks, but against everyone offering financial services. And as they are obligated to provide these third-party providers access to their customers’ accounts, their competitors are building their financial services on top of the banks’ data and infrastructure.

Besides the fact that PSD2 will already cause major security challenges on its own, the directive also aims to make electronic payments safer and more secure, introducing enhanced security measures to be implemented by all payment service providers, including banks. At the same time, it will be a challenge for technology-based newcomers to meet the expectations of both the consumers and the European regulatory bodies, ensuring the highest levels of security are implemented.

What is the impact of the new security value chain, roles and responsibilities, and the development of open APIs, and how should banks respond? What are the main challenges for newcomers to this market? What are the authentication challenges, solutions and best practices to handle third party access to accounts (XS2A)? These and other questions will be answered April 27th, in Brussels. It is a unique combination of regulatory requirements, business impact and challenges for practice that we are focusing on, as distinct from either the pure legal or technology perspectives.

This event will be co-organized by LSEC - Leaders In Security and its partners (Agoria Banking Technology Club - Agoria ICT, TeleTrust, Pole SCS, UK Cyber Security Forum, ... ) and B-HIVE - Eggsplore.

Sponsoring and speaking opportunities and PARTICIPATION are extremely limited and UPON REGISTRATION AND CONFIRMATION ONLY.

Preliminary Agenda

08.30 : Registration, Welcome Coffee & Networking
08.40 : Pre-organized Networking action F2F – part 1

09.30 : introduction by Ulrich Seldeslachts LSEC & Wim De Waele B-HIVE

09.45 : opening keynote : Open Bank Project, Jarkko Turunen, Nordea Openbank Project

10.25 : disruptive open banking applications challenges and opportunities, Paul Grembers, The Glue

10.45 : keynote PSD2 & RTS recent developments and implications : Jorke Kamstra, NBB
At the National Bank of Belgium, Jorke is responsible for supervising banks and financial market infrastructures. He specializes in IT audits (including cyber security audits) and is active in the Working Groups that are discussing and formalizing the technical details and implications of the RTS (Regulatory Technical Standards).

11.25 : panel discussion : business opportunities & security challenges
- ING Bank, (speaker to be confirmed)
- Jarkko Turunen, Nordea
- Paul Grimbers, The Glue
- Twiki, Dominique Adriansens
- NBB, Jorke Kamstra

(newly introduced panel members will be asked to give a 5-10 minute introduction on their activities and challenges related to security from a high level perspective)

12.35 : Lunch break & Networking

13.25 : Security Keynote 1 : trust mechanics and RTS & SCA challenges -
Secure Access means more than Strong Authentication, by Marc Van Maele, CEO Trustbuilder & SecurIT
The use of strong authentication is deemed absolutely necessary to raise the identity assurance level in performing high-value operations or transactions. However, there are several challenges that one needs to overcome in order to effectively adopt strong authentication as a strategic, enterprise-wide security solution. Since the validation of a user’s identity is increasingly handled by third parties, this requires a much more dynamic behavior and a frictionless user experience that can easily be adapted over time. In addition, it requires security measures able to deal with any set of contextual information that might influence the selection of the right authentication mechanism for a transaction. API Gateways, and how they deal with API security, have been the talk of the town for the past few years. Looking at this from the perimeter angle is not enough. Security doesn’t stop at the entry-point of the API provider, considering that it’s not only about talking to a single API but to an eco-system of services that consists of potentially hundreds of APIs. Not only do we have to validate the access rights of the calling party (end-user or client), but we must also consider the delegated rights of all peers.

13.55 : security panel discussion 1 :
SCA, identities, authorization, authentication, federation, IDAAS and EIDAS

- JustPOM, Tom Totte
- Vasco Data Security, Frederik Mennes, Senior Manager Market & Security
- Marc Vanmaele, CEO, Trustbuilder & SecurIT
- Joeri Lieten, Payconiq
- Olaf Jonckers, Belgian Mobile ID
- Isabel (speaker to be announced)

(newly introduced panel members will be asked to give a 5-10 minute introduction on their activities and challenges related to security from a high level perspective)

15.10 : Coffee Break & Networking

15.40 : security keynote 2 : beyond PSD2 RTS & SCA and moving towards open banking
With great opportunity comes great responsibility - Operationalizing PSD2 API & Platform Banking Systems, by Rik De Deyn, Senior Director Banking, Oracle
The API and Collaborative Economy provides great opportunities, through PSD2 and beyond. With great opportunity comes great responsibility. Rik will take a look at the reality and best practices of operationalizing PSD2 API and Platform Banking systems. He will also look at characteristics of an API platform, and ways to monetize the PSD2 XS2A mandate, for banks and Fintech companies.

16.10 : security panel discussion 2 :
open banking APIs security challenges, roles of TPP, MITM, consent management

- Joeri Lieten, Payconiq
- Mastercard, (speaker to be confirmed)
-, Karl-Lodewijck Lefevre
- Android Pay, Anthony Belpaire
- Oracle, Rik De Deyn

17.10 : security keynote 3 : BAE Systems, Gareth Evans, Senior Fraud Prevention Consultant
Identifying & Detecting Fraud, preventing cyber security threats and advanced monitoring for compliance.

17.40 : security panel discussion 3 :
fraud & cyber security challenges, detection, prevention, mitigation and incident management activities

- Ingenico, Thierry Koopman, Security Officer
- BAE, Gareth Evans, Senior Fraud Prevention Consultant
- KPMG, Els Hostyn
- (Cybereason, Simon Minton)
- Simon Redfern, Tesobe – Open Banking Project

18.40 : closing notes & announcements
18.50 : networking reception
18.50 : Pre-organised networking action F2F – part 2
20.00 : end of event

Audiences - Level of Expertise
- Bank Enterprise CISOs / Security Managers
- Bank Enterprise Security Architects
- FinTech company CEO, CISO, Security Architect
- Policy Makers
- Authentication and security solution providers
- IT Audit Managers

For more information, please visit the following sources :

Draft Regulatory Technical Standards on Strong Authentication and Secure Communication under PSD2 (Source : EBA)

9 key takeaways from the draft regulatory technical standards (Source : PaymentEye)

PSD2 : RTS (Source : OsbornClarke)

Participation is free of charge upon prior registration AND CONFIRMATION BY THE ORGANIZERS ONLY!
Participants interested in the handouts and presentations of the day will be charged a minor fee (121 €) to accommodate for the handling costs and taxes.
