Privacy and security are central to LoginID’s products. There is
therefore a natural synergy between our solutions and regulatory
rules that are intended to protect users, including the EU’s
General Data Protection Regulation (GDPR), a law that protects
data of any individual that resides in the EU, and the Revised
Payment Services Directive (PSD2), which governs electronic
payments into and out of the EU.
How LoginID enables GDPR compliance
Data protection safeguards: the GDPR requires firms to put in
place safeguards to protect personal information. Strong,
multi-factor authentication is crucial to that end, because it
reduces the risk posed by weak or stolen passwords, a key
vulnerability that drives the vast majority of breaches.
However, many forms of MFA are still exposed to phishing and
malware. By contrast, we use public key cryptography, which
enables cutting-edge ‘high assurance authentication’, meaning
our MFA has the strongest safeguards.
User rights management: the law gives individuals the right to
change, delete, view, and move their data, and, in many cases,
requires firms to demonstrate that they have obtained users’
explicit consent to collect their data. This can only be done
securely if the identity of the requestor has been
authenticated effectively. Our authentication solutions
provide the most accurate, effective means of achieving that.
Privacy-by-design: a key requirement of the GDPR is that
companies design new products with privacy in mind. In
addition, certain information, such as biometrics, is
considered particularly sensitive. We have adopted a
privacy-by-design approach, as is reflected in the fact that
the user’s biometrics never leave their device.
How LoginID enables PSD2 compliance
Strong Customer Authentication: the PSD2 requires that users
be authenticated using a mix of at least two elements that
relate to possession (something you own), inherence (something
you are) and/or knowledge (something you know). Our
authentication solution is inherently a two-factor
authentication method that is explicitly PSD2 compliant.
Security: to comply with the PSD2, companies must mitigate the
risk that any of the elements used for authentication are
accessed by unauthorized parties. Our solutions ensure that
the elements stay in the authenticating device: even if the
device is stolen, that information cannot be read, copied or
transferred, and the user cannot authenticate without the
necessary inherent features (e.g. biometrics) or knowledge.
Transaction Confirmation: the PSD2 mandates that payment
services must have a secure mechanism that allows users to
review and confirm the transaction. We support this through a
mechanism by which the details of the transaction and a
confirmation request are sent to the user, who in turn
authorizes the payment, for example by scanning a fingerprint.
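The confirmation mechanism above, as an added illustration of the principle rather than LoginID's own code: the device signs the exact transaction details (plus the server's one-time challenge) with a private key that never leaves it, and the server accepts the payment only if the signature covers precisely the transaction it is about to execute. The payee, amount and challenge values are constructed for the example; the server-side check against the issued challenge is an assumption about how such a flow would be wired up.

```go
package main

import (
	"crypto/ecdsa"
	"crypto/elliptic"
	"crypto/rand"
	"crypto/sha256"
	"encoding/json"
	"fmt"
)

// Transaction carries the details the user reviews on the device.
// The server's random challenge is bound into the signed payload so a
// captured confirmation cannot be replayed to approve another payment.
type Transaction struct {
	Payee     string `json:"payee"`
	AmountEUR string `json:"amount_eur"`
	Challenge string `json:"challenge"`
}

// digest canonicalises the transaction before hashing so that both sides
// sign and verify exactly the same bytes.
func digest(tx Transaction) []byte {
	b, _ := json.Marshal(tx)
	h := sha256.Sum256(b)
	return h[:]
}

// ConfirmOnDevice stands in for the authenticator: after the user has
// reviewed the details and passed the local biometric check, it signs
// them with the device-resident private key.
func ConfirmOnDevice(priv *ecdsa.PrivateKey, tx Transaction) ([]byte, error) {
	return ecdsa.SignASN1(rand.Reader, priv, digest(tx))
}

// VerifyConfirmation is the server side. It rejects the confirmation if
// the challenge is not the one it issued or if the signature does not
// cover the transaction it is about to execute (e.g. a changed amount).
func VerifyConfirmation(pub *ecdsa.PublicKey, tx Transaction, issuedChallenge string, sig []byte) bool {
	if tx.Challenge != issuedChallenge {
		return false
	}
	return ecdsa.VerifyASN1(pub, digest(tx), sig)
}

func main() {
	priv, _ := ecdsa.GenerateKey(elliptic.P256(), rand.Reader) // device key pair
	tx := Transaction{Payee: "ACME GmbH", AmountEUR: "120.00", Challenge: "constructed-nonce-1"}
	sig, _ := ConfirmOnDevice(priv, tx)
	fmt.Println("original accepted:", VerifyConfirmation(&priv.PublicKey, tx, tx.Challenge, sig))
	tampered := tx
	tampered.AmountEUR = "9120.00" // amount altered after the user confirmed
	fmt.Println("tampered accepted:", VerifyConfirmation(&priv.PublicKey, tampered, tx.Challenge, sig))
}
```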
Ready to get started with our FIDO-compliant platform?