>> Passwordless.. Compliant..

Regulatory Compliance

CUSTOMER AUTHENTICATION

Take Regulations Seriously

No matter their industry or size, all businesses must adhere to certain laws and regulations as part of their operations. Regulatory compliance deals with a set of guidelines that local law requires organisations to follow.

Financial Services and Insurance are some of the most regulated businesses, with particular concerns around Data Privacy, Payment Services and User Access Control. Failure to comply with a regulator can result in significant fines for organisations and even prison sentences for senior executives.

Regulations Every Enterprise Needs to Monitor

GDPR (General Data Protection Regulation) states that data must be kept safe from unauthorised access. This is a significant concern for organisations, with many data breaches being achieved through compromised user credentials.

PSD2 (Payment Services Directive II) aims to make payments safer and more secure to protect consumers. It enforces SCA (Strong Customer Authentication) to validate the identity of the user making the transaction, and applies to all PSPs (Payment Service Providers).

NYDFS (New York State Department of Financial Services) aims to protect financial organisations and their customers by enforcing the use of multi-factor authentication and/or risk-based authentication.

CCPA (California Consumer Privacy Act) aims to give users more control over their personal data stored by organisations and fundamentally requires companies to protect user data against unauthorised access.

FINMA (Swiss Financial Market Supervisory Authority) is charged with protecting creditors, investors and policyholders and ensuring Swiss financial markets function effectively. One specific section regarding the handling of electronic data mandates access to data based on the physical location of the user.

Power of MFA + UBA

The VeridiumID solution allows organisations to remove the password, which increases security by eliminating the ability to share credentials or perform brute-force attacks on infrastructure. Phishing emails also become irrelevant, since the user has no password to replay to the attacker. Password removal helps mitigate fraudulent and unauthorised access.

Veridium’s default solution also delivers strong MFA (Multi-Factor Authentication), adding further levels of assurance of user identity when accessing systems or performing transactions. With Veridium’s InMotion User Behaviour Analysis providing further confidence in the identity of the individual, organisations can further reduce fraudulent activity and protect the sensitive data they hold.

Single Platform for Compliance

A single solution providing passwordless access and strong MFA helps meet regulatory compliance for NYDFS and CCPA, while adding tighter security control over data access to prevent data breaches under GDPR. Veridium also provides contextual information, including user geolocation, which helps Swiss financial services organisations meet strict FINMA rules on data access from outside the Swiss border.

Finally, Veridium's transaction signing capability helps meet PSD2 requirements by securely storing tamper-proof transaction logs, which can be used for non-repudiation in case of disputes or for audits.

 
