PSD2 Compliance:

Changing the face of digital banking in Europe


PSD2: What you need to know

PSD2 is the major policy development set to impact the payments industry across Europe. The PSD2 seeks to: Further standardise and make interoperable card, internet and mobile payments. Reduce barriers to entry, in particular for card and internet payments.

What is PSD2?

The PSD2 Strong Authentication Requirement specifies the following:

3.2.1 This section of the draft RTS specifies the requirements of strong customer authentication, which,
according to Article 4(30) PSD2, is an authentication that:

a) is based on the use of two or more elements categorised as
i. knowledge (something only the user knows),
ii. possession (something only the user possesses), and
iii. inherence (something the user is),
b) ensures the elements are independent from one another, in that the breach of one does not compromise the reliability of the others, and
c) is designed in such a way as to protect the confidentiality of the authentication data.

Source: European Banking Authority “Consultation Paper On the draft Regulatory Technical Standards specifying the requirements on strong customer authentication and common and secure communication under PSD2

Are banks ready for PSD2? See the survey results

MIRACL Trust® ZFA meets upcoming PSD2 regulatory guidelines in EU.

MIRACL Trust® ZFA is a cloud-based service that provides secure, Multi-Factor Authentication to employees, partners, and external users without sending authentication credentials across the web for storage in the cloud. Which means it can’t be compromised.

The Multi-factor authentication market is growing - $8.9B USD by 2019. ZFA from MIRACL meets 2017 EU banking requirements for 2FA (PS2D ruling). Our ZFA completely eliminates risk of password database breach and provides stronger security than any competitive 2FA software or hardware solution.

We improve the user login experience with an easy 4-digit pin which replaces passwords for all apps as well as being extendable to all types of Identity Factors (biometrics, location, etc.).

We provide an extremely disruptive ”as-a-service” pricing with massive margins for you. Our concurrent user pricing (per use) delivers total lowest cost of ownership today and extends enterprise security to external users for the costs of 2 SMS per month.

Clients can activate, deploy, manage easily and go live in minutes. To find out more about MIRACL Trust® ZFA, you can request a demo today.

MIRACL’s zero password authentication solutions, which eliminate authentication database breaches and improve the user experience for end users, deliver immediate security benefits”.

Rich Boyer, Chief Architect, NTT i3.

STRONGER Authentication

Multi-Factor Means Stronger

Strong authentication means a user provides two or more of the following when requesting access:

  • Something only the user has (a token in mobile app)
  • Something only the user knows (a 4 digit pin)
  • Somewhere the user is (a known time or place)

For maximum security you should ideally authenticate with something you know, something you have, and something you are. Typically that would be a password, a physical device of some sort, and a biometric like a fingerprint. For the moment the industry appears to be content with just two factor authentication, which could be any two out of these three.



MIRACL Trust® ZFA Means Safer

Zero-Factor authentication (ZFA) means that a user proves knowledge and possession without exchanging or sending any credentials with a server database (unlike passwords and current two-factor authentication).

Step User Process On Device   Authentication Service Process
1 User declares identity  
2   Service sends challenge
3 User proves true but sends no information  
4   Service sends another challenge
5 User proves true but sends no information  

MIRACL Trust® ZFA platform is a cloud-based service that provides secure, Zero-Factor Authentication to employees, partners, and external users without sending authentication credentials across the web for storage in the cloud. Which means it can’t be compromised.

Fast Facts about MIRACL Trust® ZFA:

  • MIRACL provides security solutions for better authentication across all devicesProvides better security: without the need for credentials, such as usernames, passwords and OTP seeds, to be sent across the web, or stored on a mobile device.
  • Affordable: Significantly lower total cost of ownership than hardware tokens and authentication-as-a-service offerings. Clients provision users as needed, billed only for usage.
  • Easy to implement: As a cloud-based service, ZFA is simple to activate deploy, and on-board users at scale. Clients can be live within minutes.
  • Can be extended into any desktop or mobile application via open source, Apache Licensed developer SDKs for iOS, Android, C# and other web languages.
  • Meets regulatory compliance: zero-factor authentication solution for regulated industries, such as finance, government and healthcare, since credentials are not stored in the cloud.
  • Scalable: secure authentication to all customers, employees and partners who power a company’s business, for less than the monthly cost of sending a few SMS messages to a single user in a month.
  • Simple to administer: Manage service delivery channels, billing, and users through one simple ZFA web dashboard.
  • Improved end-user experience: A simple 4-digit PIN is all the end user has to remember, and can be used across all applications and identities that the end user needs to gain access to.

Simple and Seamless

Customers and Partners easily on-boarded through fast ID verification workflows and faster 4-digit pin authentication. 24X7 Support / Help Desk globally from within app.

Launch ready ZFA Mobile App

Hands free login into web, mobile and client / server applications eliminates host based malware that can capture login details.

Available For iOS /ANDROID

Reach 95% of the mobile device market with open source SDKs to embed functionality into customer’s apps and software.

Super Security

Authentication credentials are created from local verified identity factors so credentials are never stored on the device, or leave it.

Tech City Bank example