The security of identity data increasingly exposed by leaving traces while using applications or internet-based services. Even though this is part of the business relationship between users and providers in theory, the storage of sensitive identity data is surrounded by high uncertainty. The provided customer data builds the digital identity, which is being used by service providers to collect and analyse information and thus, create customized offerings and advertising. As a matter of fact, service providers are not inclined to guarantee the highest data security level, because data collection and usage is the key determent in its business models itself. In order to maintain data security, the overarching technology-architecture paradigm becomes a crucial part, including evaluation of Perimeter Networks and Zero Trusted Networks. Hence, the pros and cons of the perimeter security approach and Zero Trusted Network Architecture are being evaluated. Having the paradigmatic requirements changes on one side, regulatory authorities are needed to strengthen customer data by introducing legislative initiatives such as the IT Security Act, the European Payment Services Directive II (PSD) and the General Data Protection Regulation (GDPR). As the sovereignty of the individual digital identity is becoming crucial to its users, stakeholders must find new guidelines to adapt their security architectures.
Artificial intelligence is undoubtedly one of the most highly discussed technology topics at present. You will struggle to find any mass media source which does not contain any reference to machine learning, deep learning or artificial intelligence.
The new regulations concerning strong customer authentication and secure communication (RTS SCA & SC) under PSD II were published by the EU Commission on November 27, 2017. At first glance two points, in particular, come to mind: On the one hand, the requirements have been worded very generally, meaning that applying these rules to concrete payment processes will prove a major challenge to many market participants. On the other, the underlying security paradigms all appear to be inconsistent with one another. Even though these points were continually debated during the long consultation phase – including consultations, public hearings, numerous meetings involving market participants and the European Banking Authority (EBA), the final version of the RTS still does not provide sufficient clarity on the subject.