LoginID Enables Compliance
Privacy and security are central to LoginID’s products. There is therefore a natural synergy between our solutions and regulatory rules that are intended to protect users, including the EU’s General Data Protection Regulation (GDPR), a law that protects the data of any individual who resides in the EU, and the Revised Payment Services Directive (PSD2), which governs electronic payments into and out of the EU.
How LoginID enables GDPR compliance
  • Data protection safeguards: the GDPR requires firms to put in place safeguards to protect personal information. Strong, multi-factor authentication is crucial to that end, because it reduces the risk of weak or stolen passwords, which are a key vulnerability that drives the vast majority of breaches. However, many forms of MFA are still exposed to phishing and malware. By contrast, we use public key cryptography, which enables cutting-edge ‘high assurance authentication’, which means our MFA has the strongest safeguards.
  • User rights management: the law gives individuals the right to change, delete, view, and move their data, and, in many cases, requires firms to demonstrate that they have obtained users’ explicit consent to collect their data. This can only be done securely if the identity of the requestor has been authenticated effectively. Our authentication solutions provide the most accurate, effective means of achieving that.
  • Privacy-by-design: a key requirement of the GDPR is that companies design new products with privacy in mind. In addition, certain information, such as biometrics, is considered particularly sensitive. We have adopted a privacy-by-design approach, as is reflected in the fact that the user’s biometrics never leave their device.
How LoginID enables PSD2 compliance
  • Strong Customer Authentication: the PSD2 requires that users be authenticated using a mix of at least two elements that relate to possession (something you own), inherence (something you are) and/or knowledge (something you know). Our authentication solution is inherently a 2-factor authentication method that is explicitly PSD2 compliant.
  • Security: to comply with the PSD2, companies must mitigate the risk that any of the elements used for authentication are accessed by unauthorized parties. Our solutions ensure that the elements stay in the authenticating device – even if the device is stolen, that information cannot be read, copied or transferred, and the user cannot authenticate unless they have the necessary inherent features (e.g. biometrics) or knowledge.
  • Transaction Confirmation: the PSD2 mandates that payment services must have a secure mechanism that allows users to review and confirm the transaction. We support this through a mechanism by which the details of the transaction and a confirmation request are sent to the user, who in turn authorizes payment – e.g. by scanning a fingerprint.
