
Frictionless Adoption of Payment Services Directive (PSD2) with WSO2



The Payment Services Directive 2 (PSD2) is the revised version of its predecessor, intended to make electronic payments more secure and to establish a platform for effective, integrated payment services. It introduces enhanced security measures that all payment service providers must implement by January 2018. PSD2 mandates strong customer authentication using at least two independent factors, and requires payment service providers to expose customer account data to third parties through secured open APIs.

The WSO2 Identity and Access Management (IAM) and WSO2 API Management platforms can cater to all of the above requirements. WSO2 Identity Server supports multi-factor authentication, including SMS OTP, FIDO and DUO, and can be extended to support other mechanisms. WSO2 API Manager provides comprehensive API management, including securing, monitoring and throttling APIs. In this webinar, we discuss and demonstrate how WSO2 can help you with PSD2.

This webinar covers:

Introduction to PSD2
Introduction to WSO2 Identity Server - Authentication framework
How to configure multi-factor authentication in WSO2 Identity Server
How to secure an API in WSO2 API Manager
Demonstration of a sample flow that involves data retrieval from a secured API, multi-factor authentication of users and monitoring capabilities



  1. FRICTIONLESS ADOPTION OF PAYMENT SERVICES DIRECTIVE (PSD2) WITH WSO2
     Pushpalanka Jayawardhana, Senior Software Engineer, April 06, 2017
  2. WSO2
     ● Founded 2005
     ● 450+ employees (300 engineers)
     ● 375+ customers (120 new in 2016)
     ● Global offices
       ○ Mountain View, New York, London, Colombo, São Paulo
     ● 100% open source
     ● Deploy anywhere: on-premise or cloud
  4. OVERVIEW
     ● Payment Services Directive 2 (PSD2)
       ○ Background
       ○ Objectives and Effects
       ○ Security Implications
     ● WSO2 Identity Server (IS)
       ○ Objectives
       ○ Application Authentication Framework
         • Brief Architecture
       ○ Capabilities in the direction of PSD2
         • Multi-factor authentication, fine-grained authorization, federation...
     ● Use case demonstration with WSO2 IS and WSO2 API-M
  5. PAYMENT SERVICES DIRECTIVE 2 (PSD2): Background
     ● A new European Union directive (Directive (EU) 2015/2366), the successor of the original PSD
     ● Entered into force in January 2016; member states must transpose it into national law by January 2018
     ● Directly affects payment service providers and banks
     ● Mandates a secure mechanism for customers to authorize a third party provider (TPP) to have direct access to:
       ❏ Account and transaction data
       ❏ Making and authorizing payments
     ● Technical guidance: EBA Regulatory Technical Standards on Strong Customer Authentication and common and secure communication under Article 98 of PSD2
  6. PAYMENT SERVICES DIRECTIVE 2 (PSD2): Objectives and Effects
     ● Make electronic payments more secure
     ● Establish a platform for effective and integrated payment services
     ● Provide the openness required for innovation in the domain, with enhanced competition
  7. PAYMENT SERVICES DIRECTIVE 2 (PSD2): Security Implications
     ● Strong customer authentication: at least two factors, drawn from two different categories below (two factors of the same category, such as a password plus a security question, do not qualify)
       • Knowledge factors (password, PIN)
       • Possession factors (mobile phone, security device, token generator)
       • Inherence factors (fingerprint, voice, iris pattern)
     ● Adaptive authentication
     ● Access delegation with explicit user consent
     ● Fine-grained authorization
     ● Open, secured APIs for payment initiation and account information
     ● Secured communication
     ● Fraud detection and audit logs
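The independence rule on the slide above is easy to get wrong in a multi-step login flow: challenging the user twice is not the same as covering two categories. The following Python check is an added example, not code from the webinar or from WSO2 Identity Server; the authenticator names and their category mapping are assumptions modelled on the connectors the slides list, and in a real deployment the mapping would come from the identity provider's configuration.

```python
"""Check that a completed authentication session satisfies the PSD2 strong
customer authentication rule: at least two factors from two different
categories (knowledge, possession, inherence).

Added example, not the webinar's or WSO2's code. Authenticator names and
their category assignment are assumptions for illustration.
"""
from enum import Enum


class Category(Enum):
    KNOWLEDGE = "knowledge"
    POSSESSION = "possession"
    INHERENCE = "inherence"


# Assumed mapping from authenticator step name to SCA category, modelled on
# the connectors named in the slides plus a basic password authenticator.
AUTHENTICATOR_CATEGORY = {
    "BasicAuthenticator": Category.KNOWLEDGE,   # username + password
    "PIN": Category.KNOWLEDGE,
    "SecurityQuestion": Category.KNOWLEDGE,
    "SMSOTP": Category.POSSESSION,              # code sent to a registered phone
    "FIDO": Category.POSSESSION,                # FIDO security key
    "DUO": Category.POSSESSION,                 # push to an enrolled device
    "MePin": Category.POSSESSION,
    "Fingerprint": Category.INHERENCE,
}


def categories_of(completed_steps):
    """Return the set of SCA categories covered by the completed steps.

    An unknown authenticator raises instead of silently counting as a
    factor, so a misconfigured step cannot make a session look compliant.
    """
    cats = set()
    for step in completed_steps:
        if step not in AUTHENTICATOR_CATEGORY:
            raise ValueError(f"unknown authenticator: {step}")
        cats.add(AUTHENTICATOR_CATEGORY[step])
    return cats


def satisfies_sca(completed_steps):
    """True only if the steps span at least two independent categories.

    Password + security question is two challenges but one category and
    therefore does NOT qualify; password + SMS OTP does.
    """
    return len(categories_of(completed_steps)) >= 2


def missing_categories(completed_steps):
    """Categories any one of which would make an incomplete session compliant."""
    have = categories_of(completed_steps)
    if len(have) >= 2:
        return set()
    return set(Category) - have


if __name__ == "__main__":
    for session in (["BasicAuthenticator", "SMSOTP"],
                    ["BasicAuthenticator", "SecurityQuestion"],
                    ["FIDO", "Fingerprint"]):
        verdict = "SCA" if satisfies_sca(session) else "NOT SCA"
        print(session, verdict, sorted(c.value for c in missing_categories(session)))
```

In an adaptive flow the `missing_categories` result is what drives the next step: a session that so far only holds knowledge factors should be pushed to a possession or inherence authenticator rather than to another knowledge challenge.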
  8. PAYMENT SERVICES DIRECTIVE 2 (PSD2): Technology Requirements
     "The draft Regulatory Technical Standards explicitly require solutions to build on known, established standards"
     ● User authentication (with SSO)
       ○ SAML 2.0
       ○ OpenID Connect
     ● Access delegation: OAuth 2.0
     ● Fine-grained authorization: XACML
     ● Multi-factor authentication: SMS OTP, FIDO, DUO, MePin (SMS OTP is the weakest of these possession factors; NIST SP 800-63B classifies SMS as a restricted authenticator because codes can be intercepted through SIM swapping or SS7 attacks, so prefer FIDO or a push authenticator where the customer base allows)
  9. WSO2 IDENTITY SERVER (IS): Capabilities in the direction of PSD2
     ● Supports multi-factor, multi-option authentication
       ○ Connector store: MePin, SMS OTP, FIDO, DUO and much more
     ● Standards: SAML 2.0, OAuth 2.0, OpenID Connect, XACML 3.0, SCIM
     ● User management: LDAP, Active Directory, JDBC ...
     ● Federation framework for
       ○ Authentication
       ○ User provisioning
       ○ Identity protocol mediation
     ● Workflows
     ● Analytics with Identity Analytics Server
  12. FINE-GRAINED AUTHORIZATION
     ● In the authentication flow
       ○ WSO2 IS supports fine-grained authorization with XACML 2.0/3.0 policies
       ○ The authentication decision can depend on factors beyond the credential check
         ■ E.g. users cannot log in during a specific time interval
     ● In the API calls
       ○ WSO2 API-M can intercept the flow and apply fine-grained authorization
       ○ API-M acts as the Policy Enforcement Point (PEP) and consumes decisions from IS acting as the Policy Decision Point (PDP)
         ■ E.g. the API response can be further customized according to user attributes
         ● If the user belongs to the 'Platinum' tier, let them take online loans below an amount x
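The loan example on the slide above is an attribute-based decision: the subject's tier and the requested amount together determine Permit or Deny, and the PEP must treat anything other than an explicit Permit as a denial. The following Python is an added example, not the webinar's or WSO2's code; it models a XACML-style policy (target, condition, deny-overrides combining) in plain Python so the decision logic can be read and tested. The attribute names, the per-tier loan ceilings (the slide's "amount x") and the extra rule that refuses loan initiation without strong customer authentication are assumptions; in a WSO2 deployment the same logic would be an XACML 3.0 policy on Identity Server with API Manager enforcing it.

```python
"""Minimal XACML-style policy decision point (PDP) and enforcement check
(PEP) for the slide's example: Platinum users may initiate online loans
only below a configured amount.

Added example, not the webinar's or WSO2's code. Attribute names, tier
limits and the request shape are assumptions made for illustration.
"""
from dataclasses import dataclass, field
from typing import Callable

PERMIT, DENY, NOT_APPLICABLE = "Permit", "Deny", "NotApplicable"

# Assumed per-tier loan ceilings; "amount x" on the slide.
LOAN_LIMIT = {"Platinum": 10_000, "Gold": 2_500}


@dataclass
class Rule:
    name: str
    effect: str
    target: Callable[[dict], bool]                      # does the rule apply at all?
    condition: Callable[[dict], bool] = lambda req: True  # must hold for the effect


@dataclass
class Policy:
    name: str
    rules: list = field(default_factory=list)

    def evaluate(self, req: dict) -> str:
        """Deny-overrides combining: any applicable rule whose condition
        holds with effect Deny wins immediately; otherwise a Permit stands;
        if no rule matched at all the answer is NotApplicable."""
        outcome = NOT_APPLICABLE
        for rule in self.rules:
            if not rule.target(req):
                continue
            if rule.condition(req):
                if rule.effect == DENY:
                    return DENY
                outcome = PERMIT
        return outcome


def is_loan_request(req: dict) -> bool:
    return req["resource"] == "/loans" and req["action"] == "POST"


LOAN_POLICY = Policy("online-loan", rules=[
    Rule("platinum-within-limit", PERMIT,
         target=lambda r: is_loan_request(r) and r["subject"]["tier"] == "Platinum",
         condition=lambda r: r["amount"] < LOAN_LIMIT["Platinum"]),
    Rule("gold-within-limit", PERMIT,
         target=lambda r: is_loan_request(r) and r["subject"]["tier"] == "Gold",
         condition=lambda r: r["amount"] < LOAN_LIMIT["Gold"]),
    # Assumed rule: payment initiation requires strong customer authentication.
    # Because combining is deny-overrides, this beats either Permit above.
    Rule("require-sca", DENY,
         target=is_loan_request,
         condition=lambda r: not r["subject"].get("sca", False)),
])


def enforce(pdp_decision: str) -> bool:
    """PEP rule: only an explicit Permit lets the call through.
    NotApplicable and Indeterminate are treated as deny, so a request that
    no rule covers (e.g. an unknown tier) cannot slip past the gateway."""
    return pdp_decision == PERMIT


def authorize_loan(subject: dict, amount: int) -> bool:
    """Build the XACML-style request for a loan initiation and enforce it."""
    req = {"subject": subject, "resource": "/loans", "action": "POST", "amount": amount}
    return enforce(LOAN_POLICY.evaluate(req))


if __name__ == "__main__":
    print(authorize_loan({"tier": "Platinum", "sca": True}, 5_000))   # within limit
    print(authorize_loan({"tier": "Platinum", "sca": True}, 20_000))  # over limit
    print(authorize_loan({"tier": "Platinum", "sca": False}, 5_000))  # no SCA
```

The point to carry over to a real XACML policy is the last function: the gateway should fail closed, mapping NotApplicable and Indeterminate to deny rather than only checking for the absence of Deny.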
  13. WSO2 IDENTITY SERVER ANALYTICS: Login Analytics / Session Analytics
     ● Track successful and failed login attempts by user, service provider and identity provider
     ● Detect anomalous login behaviour
     ● Track all sessions in the system by user, with session duration
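"Detect anomalous login behaviour" on the slide above is a detection problem over the authentication audit trail. The following Python is an added example, not code from the webinar or from WSO2 Identity Server Analytics: it runs two common checks over a constructed set of login events, a burst of failures inside a sliding window (with the number of distinct source addresses, which separates a single locked-out customer from a distributed guessing attempt) and a success that immediately follows a run of failures. The log line format, the thresholds and the sample events are all constructed for illustration.

```python
"""Login anomaly checks over authentication audit events.

Added example, not the webinar's or WSO2's code. The line format,
thresholds and sample events below are constructed for illustration.
"""
from collections import defaultdict
from datetime import datetime, timedelta

# Constructed audit lines: timestamp  user  service-provider  source-IP  result
SAMPLE_LOG = """\
2017-04-06T09:00:01Z alice mobile-banking   203.0.113.10  SUCCESS
2017-04-06T09:01:10Z bob   mobile-banking   198.51.100.7  FAILURE
2017-04-06T09:01:25Z bob   mobile-banking   198.51.100.7  FAILURE
2017-04-06T09:01:40Z bob   mobile-banking   198.51.100.8  FAILURE
2017-04-06T09:01:55Z bob   mobile-banking   198.51.100.9  FAILURE
2017-04-06T09:02:10Z bob   mobile-banking   198.51.100.9  FAILURE
2017-04-06T09:02:30Z bob   mobile-banking   198.51.100.9  SUCCESS
2017-04-06T09:05:00Z carol open-banking-api 192.0.2.44    SUCCESS
2017-04-06T09:30:00Z alice mobile-banking   203.0.113.10  SUCCESS
2017-04-06T12:00:00Z alice mobile-banking   203.0.113.10  FAILURE
"""


def parse(log_text):
    """Parse whitespace-separated audit lines into event dicts."""
    events = []
    for line in log_text.splitlines():
        ts, user, sp, ip, result = line.split()
        events.append({"ts": datetime.strptime(ts, "%Y-%m-%dT%H:%M:%SZ"),
                       "user": user, "sp": sp, "ip": ip, "result": result})
    return events


def detect_bruteforce(events, max_failures=4, window=timedelta(minutes=5)):
    """Users with more than max_failures failed attempts inside a sliding
    time window. Returns {user: (window_start, failure_count, distinct_ips)}."""
    by_user = defaultdict(list)
    for e in events:
        if e["result"] == "FAILURE":
            by_user[e["user"]].append(e)
    alerts = {}
    for user, fails in by_user.items():
        fails.sort(key=lambda e: e["ts"])
        start = 0
        for end in range(len(fails)):
            while fails[end]["ts"] - fails[start]["ts"] > window:
                start += 1
            count = end - start + 1
            if count > max_failures:
                ips = {e["ip"] for e in fails[start:end + 1]}
                alerts[user] = (fails[start]["ts"], count, len(ips))
                break  # one alert per user is enough for triage
    return alerts


def success_after_failures(events, min_failures=3):
    """A successful login preceded, with no intervening success, by at least
    min_failures failures for the same user: an indicator that a guessing
    attempt may have succeeded and the session deserves review."""
    streak = defaultdict(int)
    flagged = []
    for e in sorted(events, key=lambda e: e["ts"]):
        if e["result"] == "FAILURE":
            streak[e["user"]] += 1
        else:
            if streak[e["user"]] >= min_failures:
                flagged.append((e["user"], e["ts"], streak[e["user"]]))
            streak[e["user"]] = 0
    return flagged


def login_summary(events):
    """Success/failure counts per (user, service provider), the per-service-
    provider view the slide describes."""
    summary = defaultdict(lambda: {"SUCCESS": 0, "FAILURE": 0})
    for e in events:
        summary[(e["user"], e["sp"])][e["result"]] += 1
    return dict(summary)


EVENTS = parse(SAMPLE_LOG)

if __name__ == "__main__":
    print(detect_bruteforce(EVENTS))
    print(success_after_failures(EVENTS))
    print(login_summary(EVENTS))
```

The two detections are deliberately separate: the failure burst fires whether or not the attacker gets in, while the success-after-failures check is the one that should raise the session's risk score and, in an adaptive flow, trigger a step-up to a second factor category.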
  14. REFERENCE ARCHITECTURE WITH WSO2 (diagram): WSO2 Identity Server, WSO2 API Manager, WSO2 ESB
  15. THANK YOU