Cryptographic Hardware for PSD2 Solutions and Financial Blockchain Applications
- An HSM (Hardware Security Module) is a recommended ally for strengthening any robust authentication (SCA) solution required by the European payments directive PSD2.
- Encryption and signing with a PCI- and/or FIPS-certified HSM provide, in the financial field, the highest levels of security for Blockchain asset management applications, as well as for transactions made with this distributed, shared, block-based ledger technology (Blockchain is a type of DLT).
Today no one doubts that Digital Banking is no longer an option, and that its successful development requires financial institutions to comply with security regulations, in addition to bringing multiple benefits, in terms of optimization and trust, to end users.
In the new financial scenario, where traditional banking, Fintechs and other Open Banking models coexist, such as transactions made through platforms like Amazon or Google, among others, security in payment methods is both a need and a requirement to be met.
Therefore, financial institutions must secure their financial transactions according to the standards defined by the PCI consortium (VISA and Mastercard). To do so, they must deploy cryptographic hardware whose value and credibility lie in PCI HSM PTS v2.0 certification or higher, in accordance with the PCI Security Standards Council, or, in certain cases, in FIPS 140-2 Level 3 certification by NIST, depending on what is required or recommended for each business process.
Payment Regulation Compliance PSD2.
The entry into force of the new European Payment Services Directive PSD2 obliges financial institutions to make customer data available to third-party financial actors and to implement two-factor authentication (SCA), or robust authentication (identification and validation of identity), to avoid fraud arising from phishing.
Such robust authentication solutions use keys that should be generated and kept in custody on cryptographic devices (HSMs), to give the authentication process the highest guarantees of security and trust.
Many financial institutions that do not have robust authentication solutions have chosen to send their customers an SMS message with an authentication key to validate transactions made through digital channels. But the high cost of SMS per operation inclines them toward implementing more efficient and secure robust authentication (SCA) technology.
The objective of the PSD2 regulation is to protect, through enhanced, double or triple-factor authentication, both the customer and the entity itself, against the risk of fraud from theft and impersonation.
Blockchain in the financial field.
The boom that Blockchain technology has experienced in the last year extends to various sectors, including finance, where a growing number of entities and agencies are already working on projects, in many cases pilots, with “open source” technology such as Corda or Hyperledger.
The money used in Blockchain consists of tokens, objects similar to coins but with no value as negotiable or fungible legal tender. However, Blockchain technology goes beyond asset management itself (cryptocurrencies) and can be used in many other business processes, not only in the financial field.
Taking a “Smart Contract” as a starting point, it is possible to record in blocks, distributed and shared between the different parties, any type of information or transaction with the consensus and approval of the participants.
This consensus allows intermediaries to be eliminated, providing trust and robustness to the blockchain, whose unalterability comes from the cryptographic protection and linking of each of the blocks by means of a cryptographic digest function called a “hash”.
However, as with any cryptographic algorithm or function, a “hash” or digest function can be computed in software or on a cryptographic hardware platform (HSM). Using the HSM strengthens security and ensures that the private keys used to digitally sign transactions are not exposed, and are stored and kept in custody on a secure, isolated device.
If the HSM also has the appropriate level of certification granted by a trusted body, the security of processes and transactions is strengthened further, ensuring the unalterability of what has been encrypted or digitally signed.
Currently, there are hardware and software platforms on the market for Blockchain nodes that allow applications to be deployed in a virtualized way and that, to strengthen security, incorporate an HSM to perform the necessary cryptographic functions. These make use of a “hash” together with asymmetric cryptography algorithms, the central axis of the digital signature, such as the elliptic curve algorithm (ECDSA).
In short, the objective pursued by financial institutions, in terms of the security of transactions that make use of Blockchain technology, is that the replicated information is immutable and cannot be manipulated or altered.
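The hash linking and device-held signing key described above, as an added example that is not code from the original article or from any product it mentions. `KeyCustodian` is a hypothetical stand-in for an HSM, HMAC-SHA256 replaces ECDSA so the example needs only the standard library, and the key and transactions are constructed sample values.

```python
import hashlib
import hmac
import json

GENESIS = "0" * 64  # constructed "no previous block" value

class KeyCustodian:
    """Hypothetical HSM stand-in: the key stays inside, only sign/verify are
    exposed. HMAC-SHA256 replaces ECDSA here to stay in the standard library."""
    def __init__(self, key: bytes):
        self._key = key
    def sign(self, digest_hex: str) -> str:
        return hmac.new(self._key, digest_hex.encode(), hashlib.sha256).hexdigest()
    def verify(self, digest_hex: str, tag: str) -> bool:
        return hmac.compare_digest(self.sign(digest_hex), tag)

def block_hash(prev_hash: str, payload: dict) -> str:
    # sort_keys gives a canonical encoding: same content, same digest.
    body = json.dumps({"prev": prev_hash, "payload": payload}, sort_keys=True)
    return hashlib.sha256(body.encode()).hexdigest()

def append_block(chain: list, payload: dict, signer: KeyCustodian) -> None:
    prev = chain[-1]["hash"] if chain else GENESIS
    digest = block_hash(prev, payload)
    chain.append({"prev": prev, "payload": payload,
                  "hash": digest, "sig": signer.sign(digest)})

def first_invalid(chain: list, signer: KeyCustodian):
    """Index of the first block failing link, hash or signature check; else None."""
    prev = GENESIS
    for i, blk in enumerate(chain):
        if (blk["prev"] != prev or block_hash(prev, blk["payload"]) != blk["hash"]
                or not signer.verify(blk["hash"], blk["sig"])):
            return i
        prev = blk["hash"]
    return None

def demo():
    signer = KeyCustodian(b"constructed-demo-key")
    chain = []
    for amount in (100, 40, 5):  # constructed sample transactions
        append_block(chain, {"from": "A", "to": "B", "amount": amount}, signer)
    intact = first_invalid(chain, signer)
    chain[1]["payload"]["amount"] = 4000  # alter a recorded transaction
    tampered = first_invalid(chain, signer)
    # Rehashing the altered block without the key does not help: its signature fails.
    chain[1]["hash"] = block_hash(chain[1]["prev"], chain[1]["payload"])
    rehashed = first_invalid(chain, signer)
    return intact, tampered, rehashed

print(demo())  # (None, 1, 1)
```

With a real HSM the verifier would hold only the public key, so no party checking the chain could produce a valid signature for a rewritten block.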