
An Introduction to the Regulatory Technical Standards for Strong Customer Authentication – Part 3: Achieving Transactional & Account Security

November 09, 2020

The Regulatory Technical Standards (RTS) is a supplementary directive designed to complement the Revised Payment Services Directive (PSD2), eIDAS and any other such cases where Strong Customer Authentication is required.

In Part 1 and Part 2 of our series on the Regulatory Technical Standards, we looked at how it complements eIDAS and PSD2 respectively. RTS not only stipulates the specifics of achieving Strong Customer Authentication, but it also lays the groundwork for establishing secure communication between various parties to an online transaction.

While on the surface it may seem like the Regulatory Technical Standards on Strong Customer Authentication have been designed to target a very specific problem (that of customer authentication), they in fact comprehensively target broader transactional security in the following ways:

  • RTS allows for technologically neutral resolutions. Solution providers can choose from a variety of methods including one-time passwords, digital signatures or other cryptographically underpinned validity assertions. This allows for customization based on cost considerations and technological compatibility with other systems, as long as the minimum security criteria are met.
  • Dynamic linking of transactions with authentication codes is another RTS requirement which provides another layer of security and protection against fraud and misuse.
  • Consumers often cite security as a primary deterrent to engaging in online payment transactions. This is obviously a hindrance to the goal of achieving a Digital Single Market and RTS provides for mechanisms to safeguard against such activities. With rapidly evolving cyber threats, transaction monitoring mechanisms are necessary to ensure that security credentials have not been lost or compromised.
  • In terms of transaction volume, retail customers obviously account for the lion’s share. But in terms of transaction value, corporate and institutional clients dominate. RTS requirements for Strong Customer Authentication are applicable to both groups and apply to natural persons as well as corporate entities.
  • All the security in the world would be for nothing if the customer experience is not good enough for him or her to engage in the transactions in the first place. Requiring frequent intervention for recurring transactions or for very small value micro-transactions might not be desired or necessary. RTS provides exemptions for such cases.
  • RTS encourages the dynamic setting of risk levels on a transactional basis based on real-time transaction risk analysis. What this essentially means is that even low-value exempted transactions might require SCA if the transaction is deemed unusual based on real-time analysis. At the same time, additional exemptions from SCA may be allowed for transactions that are deemed to be low risk. This entire mechanism is obviously dependent on the effectiveness of the real-time risk analysis algorithms used.
  • In order to gauge the effectiveness of the real-time transaction risk analysis mentioned above, service providers would also be required to calculate fraud rates and report the data to the European Banking Authority (EBA) and other competent authorities.
    This means that service providers which are better at protecting their customers from fraud would be allowed more exemptions and will therefore have more leeway in designing hassle-free mechanisms.
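
The dynamic-linking requirement from the list above, sketched as an added example (not code from the original article or from Utimaco): the authentication code is computed over the amount and the payee, so a code issued for one transaction fails verification if either value is changed or the code is reused. The HMAC construction, the field encoding, the function names and the sample values are illustrative assumptions; the RTS itself is technology neutral.

```python
import hashlib
import hmac
import secrets
from decimal import Decimal

def _canonical(amount: Decimal, currency: str, payee: str, nonce: str) -> bytes:
    """Length-prefix each field so that shifting characters between fields changes the bytes."""
    fields = [f"{amount:.2f}", currency.upper(), payee.replace(" ", "").upper(), nonce]
    return b"".join(len(f.encode()).to_bytes(2, "big") + f.encode() for f in fields)

def issue_code(key: bytes, amount: Decimal, currency: str, payee: str, nonce: str) -> str:
    """Authentication code bound to this amount, this payee and a one-time nonce."""
    message = _canonical(amount, currency, payee, nonce)
    return hmac.new(key, message, hashlib.sha256).hexdigest()

def verify_code(key: bytes, code: str, amount: Decimal, currency: str,
                payee: str, nonce: str, used_nonces: set) -> bool:
    """Accept only an unused code that matches the transaction being executed."""
    if nonce in used_nonces:          # replay of an already accepted code
        return False
    expected = issue_code(key, amount, currency, payee, nonce)
    if not hmac.compare_digest(expected, code):   # constant-time comparison
        return False
    used_nonces.add(nonce)
    return True

def demo() -> dict:
    key = secrets.token_bytes(32)            # constructed sample key (assumption)
    payee = "DE00 0000 0000 0000 0000 00"    # constructed placeholder account
    other = "DE11 1111 1111 1111 1111 11"    # constructed placeholder account
    nonce = secrets.token_hex(16)
    used = set()
    code = issue_code(key, Decimal("49.90"), "EUR", payee, nonce)
    return {
        "amount_changed": verify_code(key, code, Decimal("4990.00"), "EUR", payee, nonce, used),
        "payee_changed": verify_code(key, code, Decimal("49.90"), "EUR", other, nonce, used),
        "genuine": verify_code(key, code, Decimal("49.90"), "EUR", payee, nonce, used),
        "replayed": verify_code(key, code, Decimal("49.90"), "EUR", payee, nonce, used),
    }

if __name__ == "__main__":
    print(demo())
```
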

Conclusion

Although some service providers have offered reservations about RTS, there is definitely enough flexibility built-in to allow for a multitude of approaches to achieving the goal of transactional and account security. By making exemption thresholds dynamic based on actual performance, service providers with better systems and procedures will have even more options available to them. For the end users, this means better security and the assurance of certain minimum standards.
