PSD2 compliance as a UX and cost advantage

The identity app store enables instant definition and roll-out of registration and login processes. Combine any authentication method – no coding required.

Strong Customer Authentication: a UX opportunity

The Keyp protocol allows a simple implementation of PSD2-compliant processes, namely continuous identification and SCA through any channel and in any context. Under the new Payment Service Directive (PSD2), Payment Service Providers (PSPs) face the challenge of ensuring Strong Customer Authentication (SCA) without jeopardizing user experience or wasting time and money on expensive integration projects, only to learn a few months later that there is a more convenient and more secure solution on the market than, say, OTP via SMS.

The Keyp Identity Platform enables PSPs’ administrators to implement SCA conveniently via drag & drop, quite literally in seconds instead of coding for months. Keyp’s architecture allows very fast deployment (i.e. a few days) because there is no need for backend integrations. The Identity Platform comes free of charge, brings maximum agility and cost savings in operations, and prevents vendor lock-in with IdPs. PSPs can easily comply with PSD2 and improve UX by building on the latest and most convenient authentication solutions on the market.

The users’ personal identity information is stored on their local devices. This enables continuous identification and instant re-use of verified data, and makes Keyp’s architecture GDPR-compliant by design.

Secure & decentral storage

- Tokenization of verified identity information
- 'Blind' storage without server component and fully GDPR-compliant
- Encrypted and OS-independent storage

Strong customer authentication (SCA)

- Keyp supports several authentication solutions: possession (e.g. smartphone, hardware token), biometric (e.g. face, voice, fingerprint, behaviour), knowledge (e.g. PIN, TAN), environment (e.g. sound)
- Unique session ID with every authentication

Secure communication

- Encrypted wallet and communication channels
- User consent: transparent, explicit and session-based
- User account integrity ensured via 2FA or MFA
- Optional: transaction log & secure and auditable documentation archiving IdP (eIDAS compliant)

Add-on: continuous identity verification

- Initial identity verification via eID, video-ident, bank account, etc.
- Instant re-verification of identity with every transaction
- Usage of verified identity attributes across domains (i.e. the verified ID is neither company- nor transaction-specific)

Selected Keyp Federation members providing PSD2 solutions:

A brief PSD2 explainer

The revised Payment Services Directive (PSD2) sets out to make payments safer and increase consumer protection. It fosters innovation and competition and aims to ensure a level playing field for all players, including and especially new entrants that were not regulated in the first version of the PSD. The European Banking Authority’s (EBA) latest draft regarding PSD2 and SCA (EBA/RTS/2017/02, Strong Customer Authentication and common and secure communication under Article 98 of Directive 2015/2366 (PSD2)) requires strong customer authentication for remote electronic purchases above EUR 30. Both the amount and the payee of each payment must be authenticated without compromising their confidentiality, authenticity and integrity in accordance with Articles 4 and 5.