Pushpalanka Jayawardhana, profile picture
Uploaded byPushpalanka Jayawardhana
PDF, PPTX621 views

Frictionless Adaption of PSD2 with WSO2

The document discusses the Payment Services Directive 2 (PSD2), a European regulation that enhances security in electronic payments and mandates multi-factor authentication for payment service providers and banks. It outlines the role of WSO2 Identity Server in implementing PSD2 compliance through features like fine-grained authorization, adaptive authentication, and secure API communications. The document also highlights WSO2's capabilities in supporting the technical requirements and security standards associated with PSD2.

Embed presentation

Download as PDF, PPTX
FRICTIONLESS ADAPTION OF PAYMENT SERVICES DIRECTIVE (PSD2) WITH WSO2 Pushpalanka Jayawardhana Senior Software Engineer April 06, 2017
WSO2 2 ● Founded 2005 ● 450+ employees (300 engineers) ● 375+ customers (120 new in 2016) ● Global offices ○ Mountain View, New York, London, Colombo, São Paolo ● 100% open source ● Deploy anywhere: on-premise or cloud
WSO2 3
OVERVIEW 4 ● Payment Services Directive 2 (PSD2) ○ Background ○ Objectives and Effects ○ Security Implications ● WSO2 Identity Server (IS) ○ Objectives ○ Application Authentication Framework ■ Brief Architecture ○ Capabilities in the direction of PSD2 ■ Multi-factor authentication, Fine grained authorization, Federation... ● Use case demonstration with WSO2 IS and WSO2 API-M
PAYMENT SERVICES DIRECTIVE 2 (PSD 2) ● A new European regulation ● PSD2 published in 2016 Jan as the successor of PSD ● Expected to become a law by 2018 January ● Directly affects payment service providers and banks ● Enforces a secure mechanism for customers to authorize a third party provider(TPP) to have direct access to: ❏ Account and transactional data ❏ Make and authorize payments ● Technical guidance EBA - Regulatory Technical Standards on Strong Customer Authentication and common and secure communication under Article 98 of (PSD2) Background 5
PAYMENT SERVICES DIRECTIVE 2 (PSD 2) Objectives and Effects 6 ● Making electronic payments more secure ● Establish a platform for effective and integrated payment services ● Provide openness required for innovations in the domain, with enhanced competition.
PAYMENT SERVICES DIRECTIVE 2 (PSD 2) ● Two factor Authentication ● Strong authentication is required with at least two factors from below, ■ Knowledge factors (username and password, pin) ■ Possession factors (mobile, security device, token generator) ■ Inherence factors (fingerprint, voice, iris pattern) ● Adaptive Authentication ● Access delegation with explicit user consent ● Fine grained authorization ● Open secured APIs for payment initiation and account information ● Secured Communication ● Fraud detection and audit logs Security Implications 7
PAYMENT SERVICES DIRECTIVE 2 (PSD 2) “Draft Regulatory Technical Standards, explicitly mentions to be based on known standards” ● User authentication (with SSO) ○ SAML 2.0 ○ OpenID Connect ● Access delegation - OAuth 2.0 ● Fine grained authorization - XACML ● Multifactor authentication - SMSOTP, FIDO, DUO, MePin Technology Requirements 8
WSO2 IDENTITY SERVER (IS) ● Supports multi-factor, multi-option authentication ○ Connectors store - https://store.wso2.com/store/assets/isconnector/list ■ MePin, SMSOTP, FIDO, DUO and much more ● Standards SAML 2.0, OAuth2.0, OpenIdConnect, XACML3.0, SCIM ● User Mgt - LDAP, Active Directory, JDBC ... ● Federation framework for ○ Authentication ○ User provisioning ○ Identity protocol mediation ● Workflows ● Analytics with Identity Analytics Server Capabilities in the direction of PSD2 9
10 WSO2 APPLICATION AUTHENTICATION FRAMEWORK
11 CONSUME AUTHENTICATION AT API SECURITY
12 FINE GRAINED AUTHORIZATION ● In the Authentication Flow ○ WSO2 IS can support fine grained authorization with XACML 2.0/3.0 ○ User authentication decision can be affected by other factors ■ Eg. In a specific time interval, users cannot login ● In the API calls ○ WSO2 AM can intercept the flows to apply fine grained authorization ○ Consume authorization decisions from IS, acting as a PEP ■ Eg. API response can be further customized according to user attributes. ● If the user belongs to ‘Platinum’ tier let them take online loans below an amount x.
13 WSO2 IDENTITY SERVER ANALYTICS Login Analytics / Session Analytics ● Track success/failed login attempts by user/service provider/identity provider. ● Detect anomalous login behavior. ● Track all the sessions in the system by user and the duration of the session
REFERENCE ARCHITECTURE WITH WSO2 15 WSO2 Identity Server, WSO2 API Manager, WSO2 ESB
THANK YOU wso2.com

More Related Content

PPTX
The role of IAM in OpenBanking and where do we stand
byPushpalanka Jayawardhana
 
PDF
Building a Fool Proof Security Strategy for PSD2 Compliance
byWSO2
 
PDF
Getting your API Management Strategy on Point for PSD2 Compliance
byWSO2
 
PDF
PISP Journey Based on Open Banking UK
byWSO2
 
PPTX
Winning the battle and the war: API Management for Compliance and Digital Tr...
byWSO2
 
PDF
PSD2: Latvijas Komercbanku asociācijas pozīcija
byLatvijas Banka
 
PDF
PSD2 un GDPR savstarpējā ietekme. Intersections of PSD2 and GDPR
byLatvijas Banka
 
PPTX
OpenID Foundation MODRNA WG Update
byBjorn Hjelm
 
The role of IAM in OpenBanking and where do we stand
byPushpalanka Jayawardhana
 
Building a Fool Proof Security Strategy for PSD2 Compliance
byWSO2
 
Getting your API Management Strategy on Point for PSD2 Compliance
byWSO2
 
PISP Journey Based on Open Banking UK
byWSO2
 
Winning the battle and the war: API Management for Compliance and Digital Tr...
byWSO2
 
PSD2: Latvijas Komercbanku asociācijas pozīcija
byLatvijas Banka
 
PSD2 un GDPR savstarpējā ietekme. Intersections of PSD2 and GDPR
byLatvijas Banka
 
OpenID Foundation MODRNA WG Update
byBjorn Hjelm
 

What's hot

PDF
Blockchain use cases in health and education
byNetcetera
 
PDF
Berlin Group aktualitātes un citi API tehniskie jautājumi
byLatvijas Banka
 
PDF
Regulējošie tehniskie standarti stingrai autentifikācijai un drošai komunikāc...
byLatvijas Banka
 
PPTX
"Client authentication in e-commerce solutions" by Jānis Kūliņš from Tieto La...
byDevClub_lv
 
PDF
apidays LIVE Singapore - Engineering Open Banking with Singpass for Financial...
byapidays
 
PDF
ForgeRock Open banking - Meetup 28/06/2018
byQuentin Castel
 
PDF
eWise at FinDEVr
byLucile Mathe
 
PDF
Mobile Authentication - Onboarding, best practices & anti-patterns
byPieter Ennes
 
PDF
Comprehensive overview FAPI 1 and 2
byTorsten Lodderstedt
 
PPTX
Intelligent authentication Identity tech talks
byLeonard Moustacchis
 
PPTX
Blockchain
byAnil Chaurasiya
 
PDF
Implementing Open Banking with ForgeRock
byForgeRock Identity Tech Talks
 
PDF
Mastercard CMU Capstone Midsummer Presentation
byScott Leinweber
 
PPSX
Secure electronic transaction
byNishant Pahad
 
PPSX
Blockchain Nigel Vooght, PWC
byfinopolis
 
PPTX
Jan Keil - Identity and access management Facts. Challenges. Solution
byTimetogrowup
 
PPT
Octopus Microfinance Suite Functionalities Overview
byvincent.biot
 
PDF
Mudri György: API-bankolás a fintech szemszögéből. Felkészültünk a nyitásra
byFinTechZone
 
PDF
Octopus brochure
byOctopus Microfinance
 
Blockchain use cases in health and education
byNetcetera
 
Berlin Group aktualitātes un citi API tehniskie jautājumi
byLatvijas Banka
 
Regulējošie tehniskie standarti stingrai autentifikācijai un drošai komunikāc...
byLatvijas Banka
 
"Client authentication in e-commerce solutions" by Jānis Kūliņš from Tieto La...
byDevClub_lv
 
apidays LIVE Singapore - Engineering Open Banking with Singpass for Financial...
byapidays
 
ForgeRock Open banking - Meetup 28/06/2018
byQuentin Castel
 
eWise at FinDEVr
byLucile Mathe
 
Mobile Authentication - Onboarding, best practices & anti-patterns
byPieter Ennes
 
Comprehensive overview FAPI 1 and 2
byTorsten Lodderstedt
 
Intelligent authentication Identity tech talks
byLeonard Moustacchis
 
Blockchain
byAnil Chaurasiya
 
Implementing Open Banking with ForgeRock
byForgeRock Identity Tech Talks
 
Mastercard CMU Capstone Midsummer Presentation
byScott Leinweber
 
Secure electronic transaction
byNishant Pahad
 
Blockchain Nigel Vooght, PWC
byfinopolis
 
Jan Keil - Identity and access management Facts. Challenges. Solution
byTimetogrowup
 
Octopus Microfinance Suite Functionalities Overview
byvincent.biot
 
Mudri György: API-bankolás a fintech szemszögéből. Felkészültünk a nyitásra
byFinTechZone
 
Octopus brochure
byOctopus Microfinance
 

Similar to Frictionless Adaption of PSD2 with WSO2

PDF
Secure and Accelerated PSD2 Compliance with WSO2 Open Banking - A Technical D...
byWSO2
 
PDF
PSD2 & Open Banking
bysenakafdo
 
PDF
An Introduction to Open Banking (PSD2)
byPaul Ark (Polapat Arkkrapridi)
 
PPTX
Agile and Adaptable Technology Platforms - Easing the Insanity of the Post PS...
byWSO2
 
PDF
WSO2 Open Banking: Digital Transformation Through PSD2
byWSO2
 
PDF
[WSO2Con EU 2017] Keynote: Digital Transformation in the Guise of a Regulatio...
byWSO2
 
PDF
Σίσσυ Παπαγιαννίδου, Διευθύντρια της Διεύθυνσης Εποπτείας Πιστωτικού Συστήματ...
byStarttech Ventures
 
PPTX
PSD2: Open Banking with APIs
byJason Bloomberg
 
PDF
What’s New With WSO2 Open Banking?
byWSO2
 
PDF
Trends in Banking APIs
byTatsuo Kudo
 
PDF
Sibos 2016 - Access to Account
byAya El Mernissi
 
PDF
Authenticator and provisioning connector in wso2 is
byH Mohammed Rajjaz
 
PDF
#3 Wso2 masterclassitalia - wso2 Identity Server: must-have per gestire le id...
byProfesia Srl, Lynx Group
 
PDF
PSD2 and the Cyber Security Related Challenges Facing the Financial Services ...
byRoderick Hodgson
 
PPTX
Commodity to Ecosystem - Supporting customer lifestyles beyond banking
byWSO2
 
PDF
What's New With WSO2 Open Banking
byWSO2
 
PDF
Go Beyond PSD2 Compliance with Digital Identity
byForgeRock
 
PDF
Revised Payment Services Directive - A Brief Explanation
byNivin Paramasivam
 
PPTX
Identiverse: PSD2, Open Banking, and Technical Interoperability
byTorsten Lodderstedt
 
PDF
WSO2 ITALIA SMART TALK #3 WSO2 IS NEW FEATURE
byProfesia Srl, Lynx Group
 
Secure and Accelerated PSD2 Compliance with WSO2 Open Banking - A Technical D...
byWSO2
 
PSD2 & Open Banking
bysenakafdo
 
An Introduction to Open Banking (PSD2)
byPaul Ark (Polapat Arkkrapridi)
 
Agile and Adaptable Technology Platforms - Easing the Insanity of the Post PS...
byWSO2
 
WSO2 Open Banking: Digital Transformation Through PSD2
byWSO2
 
[WSO2Con EU 2017] Keynote: Digital Transformation in the Guise of a Regulatio...
byWSO2
 
Σίσσυ Παπαγιαννίδου, Διευθύντρια της Διεύθυνσης Εποπτείας Πιστωτικού Συστήματ...
byStarttech Ventures
 
PSD2: Open Banking with APIs
byJason Bloomberg
 
What’s New With WSO2 Open Banking?
byWSO2
 
Trends in Banking APIs
byTatsuo Kudo
 
Sibos 2016 - Access to Account
byAya El Mernissi
 
Authenticator and provisioning connector in wso2 is
byH Mohammed Rajjaz
 
#3 Wso2 masterclassitalia - wso2 Identity Server: must-have per gestire le id...
byProfesia Srl, Lynx Group
 
PSD2 and the Cyber Security Related Challenges Facing the Financial Services ...
byRoderick Hodgson
 
Commodity to Ecosystem - Supporting customer lifestyles beyond banking
byWSO2
 
What's New With WSO2 Open Banking
byWSO2
 
Go Beyond PSD2 Compliance with Digital Identity
byForgeRock
 
Revised Payment Services Directive - A Brief Explanation
byNivin Paramasivam
 
Identiverse: PSD2, Open Banking, and Technical Interoperability
byTorsten Lodderstedt
 
WSO2 ITALIA SMART TALK #3 WSO2 IS NEW FEATURE
byProfesia Srl, Lynx Group
 

More from Pushpalanka Jayawardhana

PDF
Authorization for workloads in a dynamically scaling heterogeneous system
byPushpalanka Jayawardhana
 
PDF
Identity mediation for enterprise identity bus
byPushpalanka Jayawardhana
 
PDF
Threads and Concurrency Identifying Performance Deviations in Thread Pools
byPushpalanka Jayawardhana
 
PDF
Approximate Protocol for Privacy Preserving Associate Rule Mining
byPushpalanka Jayawardhana
 
PDF
Leveraging federation capabilities of identity server for api gateway
byPushpalanka Jayawardhana
 
PPTX
Feedback queuing models for time shared systems
byPushpalanka Jayawardhana
 
PPTX
Big Data CDR Analyzer - Kanthaka
byPushpalanka Jayawardhana
 
PDF
Kanthaka - High Volume CDR Analyzer
byPushpalanka Jayawardhana
 
PDF
Experience at WSO2 as an Intern
byPushpalanka Jayawardhana
 
PPTX
Cosmology in general
byPushpalanka Jayawardhana
 
Authorization for workloads in a dynamically scaling heterogeneous system
byPushpalanka Jayawardhana
 
Identity mediation for enterprise identity bus
byPushpalanka Jayawardhana
 
Threads and Concurrency Identifying Performance Deviations in Thread Pools
byPushpalanka Jayawardhana
 
Approximate Protocol for Privacy Preserving Associate Rule Mining
byPushpalanka Jayawardhana
 
Leveraging federation capabilities of identity server for api gateway
byPushpalanka Jayawardhana
 
Feedback queuing models for time shared systems
byPushpalanka Jayawardhana
 
Big Data CDR Analyzer - Kanthaka
byPushpalanka Jayawardhana
 
Kanthaka - High Volume CDR Analyzer
byPushpalanka Jayawardhana
 
Experience at WSO2 as an Intern
byPushpalanka Jayawardhana
 
Cosmology in general
byPushpalanka Jayawardhana
 

Recently uploaded

PPTX
Managing Multiple Projects from One ERP Dashboard - by biCanvas ERP
bybiCanvasERP
 
PDF
DSD-INT 2025 MODFLOW 6 Developments - Langevin
byDeltares
 
PDF
Software Development Company in India.pdf
byitswssoftware
 
PDF
AI Concepts - MCP Neurons
byPhilip Schwarz
 
PDF
apidays Paris 2025 - What If GraphQL Knew Accessibility.pdf
byapidays
 
PDF
What Web Teams Need to Know About Building API-Powered Websites
byAlex Halsey
 
PDF
The Hidden Cost of “Quick” Web App Development
byiProgrammer Solutions Private Limited
 
PDF
DSD-INT 2025 The National Hydrological Model of Denmark and its enhancements ...
byDeltares
 
PDF
Mastering ROS 2 for Robotics Programming.pdf
byssuser4e6c051
 
PPTX
Cloud_Computing_Presentation FOR BCA.pptx
bysharma79822
 
PDF
DSD-INT 2025 Coupled modeling in Ribasim - Linking Water Availability and Qua...
byDeltares
 
PDF
Common CRM Implementation Mistakes & How to Avoid Them.pdf
byCRMLeaf
 
PPT
C++ how to program 10 edition Harvey Deitel
byatisyemen
 
PDF
apidays Paris 2025 | AI and APIs - Ensuring Platform Migration Reliability wi...
byapidays
 
PDF
Wormhole Token – Smart Contract Security Audit Report by EtherAuthority
byEtherAuthority
 
PPTX
Why Airline Platforms Fail at Change and How Etihad Fixed It
byIT IDOL Technologies
 
PDF
Dues Collection Software Intelligent Revenue Management.pdf
byCollege Pro
 
PDF
Achieving App Stability through mobile performance testing
byAvekshaa Technologies
 
PDF
DSD-INT 2025 Flexible Reservoir Modelling with Ribasim - From Simple to Compl...
byDeltares
 
PDF
ment.tech-What Infrastructure as Code Means for Businesses.pdf
bysj2643598
 
Managing Multiple Projects from One ERP Dashboard - by biCanvas ERP
bybiCanvasERP
 
DSD-INT 2025 MODFLOW 6 Developments - Langevin
byDeltares
 
Software Development Company in India.pdf
byitswssoftware
 
AI Concepts - MCP Neurons
byPhilip Schwarz
 
apidays Paris 2025 - What If GraphQL Knew Accessibility.pdf
byapidays
 
What Web Teams Need to Know About Building API-Powered Websites
byAlex Halsey
 
The Hidden Cost of “Quick” Web App Development
byiProgrammer Solutions Private Limited
 
DSD-INT 2025 The National Hydrological Model of Denmark and its enhancements ...
byDeltares
 
Mastering ROS 2 for Robotics Programming.pdf
byssuser4e6c051
 
Cloud_Computing_Presentation FOR BCA.pptx
bysharma79822
 
DSD-INT 2025 Coupled modeling in Ribasim - Linking Water Availability and Qua...
byDeltares
 
Common CRM Implementation Mistakes & How to Avoid Them.pdf
byCRMLeaf
 
C++ how to program 10 edition Harvey Deitel
byatisyemen
 
apidays Paris 2025 | AI and APIs - Ensuring Platform Migration Reliability wi...
byapidays
 
Wormhole Token – Smart Contract Security Audit Report by EtherAuthority
byEtherAuthority
 
Why Airline Platforms Fail at Change and How Etihad Fixed It
byIT IDOL Technologies
 
Dues Collection Software Intelligent Revenue Management.pdf
byCollege Pro
 
Achieving App Stability through mobile performance testing
byAvekshaa Technologies
 
DSD-INT 2025 Flexible Reservoir Modelling with Ribasim - From Simple to Compl...
byDeltares
 
ment.tech-What Infrastructure as Code Means for Businesses.pdf
bysj2643598
 

Frictionless Adaption of PSD2 with WSO2

  • 1.
    FRICTIONLESS ADAPTION OF PAYMENTSERVICES DIRECTIVE (PSD2) WITH WSO2 Pushpalanka Jayawardhana Senior Software Engineer April 06, 2017
  • 2.
    WSO2 2 ● Founded 2005 ●450+ employees (300 engineers) ● 375+ customers (120 new in 2016) ● Global offices ○ Mountain View, New York, London, Colombo, São Paolo ● 100% open source ● Deploy anywhere: on-premise or cloud
  • 3.
  • 4.
    OVERVIEW 4 ● Payment ServicesDirective 2 (PSD2) ○ Background ○ Objectives and Effects ○ Security Implications ● WSO2 Identity Server (IS) ○ Objectives ○ Application Authentication Framework ■ Brief Architecture ○ Capabilities in the direction of PSD2 ■ Multi-factor authentication, Fine grained authorization, Federation... ● Use case demonstration with WSO2 IS and WSO2 API-M
  • 5.
    PAYMENT SERVICES DIRECTIVE2 (PSD 2) ● A new European regulation ● PSD2 published in 2016 Jan as the successor of PSD ● Expected to become a law by 2018 January ● Directly affects payment service providers and banks ● Enforces a secure mechanism for customers to authorize a third party provider(TPP) to have direct access to: ❏ Account and transactional data ❏ Make and authorize payments ● Technical guidance EBA - Regulatory Technical Standards on Strong Customer Authentication and common and secure communication under Article 98 of (PSD2) Background 5
  • 6.
    PAYMENT SERVICES DIRECTIVE2 (PSD 2) Objectives and Effects 6 ● Making electronic payments more secure ● Establish a platform for effective and integrated payment services ● Provide openness required for innovations in the domain, with enhanced competition.
  • 7.
    PAYMENT SERVICES DIRECTIVE2 (PSD 2) ● Two factor Authentication ● Strong authentication is required with at least two factors from below, ■ Knowledge factors (username and password, pin) ■ Possession factors (mobile, security device, token generator) ■ Inherence factors (fingerprint, voice, iris pattern) ● Adaptive Authentication ● Access delegation with explicit user consent ● Fine grained authorization ● Open secured APIs for payment initiation and account information ● Secured Communication ● Fraud detection and audit logs Security Implications 7
  • 8.
    PAYMENT SERVICES DIRECTIVE2 (PSD 2) “Draft Regulatory Technical Standards, explicitly mentions to be based on known standards” ● User authentication (with SSO) ○ SAML 2.0 ○ OpenID Connect ● Access delegation - OAuth 2.0 ● Fine grained authorization - XACML ● Multifactor authentication - SMSOTP, FIDO, DUO, MePin Technology Requirements 8
  • 9.
    WSO2 IDENTITY SERVER(IS) ● Supports multi-factor, multi-option authentication ○ Connectors store - https://store.wso2.com/store/assets/isconnector/list ■ MePin, SMSOTP, FIDO, DUO and much more ● Standards SAML 2.0, OAuth2.0, OpenIdConnect, XACML3.0, SCIM ● User Mgt - LDAP, Active Directory, JDBC ... ● Federation framework for ○ Authentication ○ User provisioning ○ Identity protocol mediation ● Workflows ● Analytics with Identity Analytics Server Capabilities in the direction of PSD2 9
  • 10.
  • 11.
  • 12.
    12 FINE GRAINED AUTHORIZATION ●In the Authentication Flow ○ WSO2 IS can support fine grained authorization with XACML 2.0/3.0 ○ User authentication decision can be affected by other factors ■ Eg. In a specific time interval, users cannot login ● In the API calls ○ WSO2 AM can intercept the flows to apply fine grained authorization ○ Consume authorization decisions from IS, acting as a PEP ■ Eg. API response can be further customized according to user attributes. ● If the user belongs to ‘Platinum’ tier let them take online loans below an amount x.
  • 13.
    13 WSO2 IDENTITY SERVERANALYTICS Login Analytics / Session Analytics ● Track success/failed login attempts by user/service provider/identity provider. ● Detect anomalous login behavior. ● Track all the sessions in the system by user and the duration of the session
  • 15.
    REFERENCE ARCHITECTURE WITHWSO2 15 WSO2 Identity Server, WSO2 API Manager, WSO2 ESB
  • 16.