Anomaly Detection, Fraud & Penetration monitoring
X2SA via APIs
Banks are mandated to allow TPPs access to customer account data (X2SA), where the customer has provided Consent for information to
be accessed. This access to customer consented information allows TPPs to deliver Account Information Services [AIS] as well as
Payments Initiation Services [PIS].
Banks, under PSD2 and Open Banking, are required to use APIs to expose this information to third parties.
SCA and 2FA
Strong Customer Authentication (SCA) via 2-factor authentication (2FA) is mandated by the RTS to access customer account
information using secure APIs. The authentication must meet two out of three personal criteria: Possession (something one
possesses such as a token), Knowledge (something one knows such as a password) or Inherence (something unique to one such as
an individual’s biometric reading).
Under the PSD2 regulation it is mandated that customer Consent is required to grant or remove access to customer specific account
information given to Banks/TPPs. The directive is prescriptive about consented information being used only by the third party
(TPP/AISP/PISP) who has been given consent, and about information being used only for the specific action that has been consented.
Anomaly Detection, Fraud and Penetration monitoring
Layered security and Fraud Detection is enabled via OEM integration. The Fiorano PSD2 platform incorporates industry leading Threat and Anomaly detection technology to support transactional risk ranking and decision making.
Class-leading Behavior analytics, Threat and Anomaly engines combine with optional end-user specific Biometrics and Device Finger-print tokens to provide full coverage as per the RTS specifications.
Fiorano Consent Management, built on an Identity Engine, supports customer on-boarding out of the box with optional pre-configured OEM integration with Public eID schemes, Registry lookups, Consumer identities, Hosted identity methods and Digital Identity paper verification.