PSD2: What You Need to Know

Strong customer authentication

As part of its call to improve the customer experience across the rapidly expanding personal finance sector, the European Banking Authority has included a mandate for financial services companies to provide “strong customer authentication”.

For more information about the European Banking Authority’s PSD2 requirements for Strong Customer Authentication, see the EBA’s “Final Report on Draft RTS on SCA and CSC”.

The EBA (and others) define 'strong customer authentication' as a process whereby a user independently provides two or more of the following when requesting access to their account online, or when initiating an electronic payment transaction:
  • Knowledge: Something only the user knows
  • Possession: Something only the user has
  • Inherence: Something the user is

PSD2 strong authentication with MIRACL

MIRACL allows any financial services organization to comply with the PSD2 requirement to provide Strong Customer Authentication for web and mobile banking applications without sending, storing, or synchronizing any security-related information in whole form. Ever.

  • MIRACL Trust® is a cloud-based service that provides secure, multi-factor authentication to employees, partners, and customers without sending authentication credentials in whole form across any network for storage in the cloud or on a device.
  • Through our work with pairing-based elliptic curve cryptography and our use of a zero-knowledge protocol, MIRACL can establish and expand encrypted communication channels instantly for customers, cloud applications, and the Internet of Things, without sending or storing identity keys in whole form, at any time.


MIRACL TRUST® MULTI-FACTOR AUTHENTICATION

A Simple, Scalable Strong Customer Authentication Solution for PSD2

Better usability for PSD2

Strong Customer Authentication for PSD2 and a Better User Experience for Customers

MIRACL Trust® is a cloud-based service that provides secure, multi-factor authentication to external users, employees and partners without sending authentication credentials in whole form across the web for storage in the cloud. Users independently demonstrate possession through a software token located in a web browser or mobile application, and demonstrate knowledge by providing the 4-digit PIN chosen during the authorization process.

No Security Information is Stored in Whole Form at Any Time.

End users of MIRACL Trust® multi-factor authentication receive a software token in their web browser or mobile application during the registration process (ours or yours). The information in this token is incomplete and does not reveal any information about the identity of the user or the authentication system itself. The MIRACL Trust® authentication system does not store, or require you to store, any valuable security information in any place at any time, nor do we require you to upload any of your authentication data into our service.

No single point of compromise
Nothing in transit can be hacked

No Information is Sent in Whole Form Across Any Network

MIRACL Trust® Authentication uses the M-Pin Zero-Knowledge Protocol, which means that an individual can prove they know a secret, without actually revealing that secret. No security-related information is stored on our servers or yours which means that there is nothing for a hacker to steal. User authentication takes place on the device (against an incomplete software token in a web browser or mobile application) and is secure against database breaches and man-in-the-middle attacks because no credentials are exchanged between clients and servers in whole form (unlike passwords and two-factor authentication).

Eliminate the Multiple Points of Compromise Within Your Existing Security Systems

Current sources of security origination (e.g. digital certificates, password databases) can be compromised, which provides a single point for a cyber-attack and cannot scale for the future of business (e.g. cloud, IoT). MIRACL Trust® employs the principle of distributed trust: the authentication server and client keys are generated independently by two autonomous, distributed trust authorities (DTAs). A DTA can be located in any cloud environment, and does not store the key material it provides, nor does it have any information about the other material required to create an identity key. A MIRACL Trust® customer can host one of the DTAs within their infrastructure if required as part of the registration process controls. The other DTA would be run by MIRACL.

Eliminate any points of compromise within your security infrastructure
Improve security for identities across your business as a whole

Support the Security of Identity Credentials Across Almost All Business Use Cases (Not Just PSD2)

MIRACL Trust® multi-factor authentication for external end-users as part of PSD2 is only the first security challenge we can solve for your digital business. Our single security platform can change entirely the concept of identity credentials across your organization including: authentication into VPN, replacing digital certificates and their maintenance, enabling digital verified signatures in your web and mobile applications, and more. Start with PSD2 today and let us help you address other challenges when your timeline allows.

MIRACL Trust® Reduces Risk of Malware and Man-in-the-Middle (MITM) Attacks

Prove You Know a Secret Without Revealing That Secret to Me. MIRACL Trust® utilizes an ISO/IEC approved zero-knowledge technique, which means that the end user can prove to the authentication service that they know a secret, without revealing that secret to the verifying party. No security-related information is stored on our servers or yours which means that there is nothing for a hacker to steal. User authentication takes place on the device (against an incomplete software token in a web browser or mobile application) and is secure against database breaches and man-in-the-middle intercept attacks because no credentials are exchanged between clients and servers in whole form.
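The split-key, token-plus-PIN and prove-without-revealing ideas described above can be sketched in a few lines. This is an added example, not MIRACL's code or the M-Pin protocol: a Schnorr identification proof over a toy group stands in for M-Pin's pairing-based scheme, and every name and parameter in it is an assumption made for illustration.

```python
import secrets

# Toy Schnorr group, constructed for illustration and far too small for real use:
# P = 2Q + 1 with Q prime, and G generates the subgroup of prime order Q.
P, Q, G = 2039, 1019, 4

def dta_share():
    """One distributed trust authority picks its key share independently."""
    return secrets.randbelow(Q - 1) + 1

def register(pin):
    """Combine two DTA shares, then strip the PIN so the stored token is incomplete."""
    key = (dta_share() + dta_share()) % Q   # full key exists only transiently
    token = (key - pin) % Q                 # kept on the device (possession factor)
    public = pow(G, key, P)                 # the only value the verifier holds
    return token, public

def prove(token, pin, challenge_fn):
    """Client side: rebuild the key from token + PIN and answer a challenge."""
    key = (token + pin) % Q                 # knowledge factor completes the token
    r = secrets.randbelow(Q - 1) + 1        # fresh one-time nonce
    commitment = pow(G, r, P)
    c = challenge_fn(commitment)            # verifier replies with a challenge
    response = (r + c * key) % Q            # key is masked by r, never sent
    return commitment, c, response

def verify(public, commitment, c, response):
    """Verifier side: check the proof using public values only."""
    return pow(G, response, P) == (commitment * pow(public, c, P)) % P

def authenticate(token, public, pin):
    """Run one full exchange; the challenge is a non-zero random value."""
    challenge = lambda _commitment: secrets.randbelow(Q - 1) + 1
    return verify(public, *prove(token, pin, challenge))

if __name__ == "__main__":
    token, public = register(1234)          # constructed sample PIN
    print("correct PIN:", authenticate(token, public, 1234))
    print("wrong PIN:  ", authenticate(token, public, 4321))
```

In this stand-in the verifier stores a public value, and anyone holding both that value and the token could test PIN guesses offline; it models the data flow the page describes, not the protections M-Pin's pairing construction is said to provide.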

psd2 strong authentication prover and verifier process

MIRACL Trust® Works with Any Web or Mobile Application Through a Simple Code Replacement

MIRACL Trust® Supports Multiple Authentication Factors / Notification Channels You Currently Have in Place. MIRACL Trust® easily integrates into any point of your web and mobile application security process, and can support the authentication mechanisms you have planned / in place (including biometrics) to provide a non-repudiable audit trail of the people, devices, and transactions being authenticated by your users or machines.

MIRACL Trust® for website login in-browser or with a smartphone application is designed to work at an internet scale; delivers multi-factor authentication to your external audiences with no disruption of the service; improves the user experience; and minimizes customer churn when deploying additional security, all at a fraction of the cost of the competition. After registering an app (standard, SSO or RADIUS) with the MIRACL Trust® MFA Authentication portal (trust.miracl.cloud) you will be issued the keys to integrate MIRACL authentication into your product.

MIRACL Trust® for mobile login can secure your end users into mobile applications with the same multi-factor authentication solution through our software development kits (SDKs) for Android or iOS. The SDKs also allow you to prevent installation of your authentication application onto a rooted mobile device and reduce the risk from malware and “man-in-the-middle” attacks. After integrating MIRACL Trust® into your mobile application through our cloud-based portal (trust.miracl.cloud), your business can successfully onboard end users through the same identity verification and PIN creation process they would find in a web-enabled application.

User flow


“MIRACL’s zero-password authentication solutions eliminate authentication database breaches, improve the user experience for end users, and deliver immediate security benefits”.
Rich Boyer, Chief Architect, NTT i3