European Banking Authority requires Two Factor Authentication for payments from August 2015
The deadline for EU companies wishing to make international payments to implement two factor authentication is fast approaching!
From 1st August 2015, the European Banking Authority (EBA) will require companies wishing to make international payments across the EU to use “strong authentication”.
This is defined by the EBA as using two or more of:
- Something only the user knows
- Something only the user possesses
- Something the user is (e.g. fingerprint, palm scan)
Stay compliant and reduce risk
As well as soon being required by the EBA for compliance, two factor authentication will significantly decrease your risk of cyber-attack and help you to stay FCA compliant.
Two factor authentication makes your credentials much more secure than a complex password. Even the most secure passwords can be cracked. Single factor authentication (i.e. a password only) is vulnerable to brute force hacks, phishing scams where you are tricked into voluntarily giving up your password, and user error such as writing passwords down (see 10 ways your employees compromise your business security).
Did you know?
57 percent of EU data breaches between 2005 and 2014 involved theft, with over 570 million records stolen over 10 years and 42 percent involving external attacks from criminal hackers. Many of these could have been prevented with two factor authentication (see seven other ways to prevent data loss).
What is two factor authentication?
Two factor authentication adds a second layer of security which must be passed through in order to gain access. This makes it significantly more difficult for a criminal to gain access to your systems.
With two factor authentication, your user name and password are still required. In addition, a randomly generated pass code is also required, usually generated by a key fob or smartphone app. This code must be preceded by a PIN, which only you should know, and the code is only valid for one use within a set period of time, usually about 30 seconds, before a new one needs to be generated.
For example, to log in you would need to enter:
- User name
- PIN + randomly generated code (valid for 30 seconds)
As the code is only valid for 30 seconds, anyone attempting to gain access to your account must know your password and your PIN, and must also have your key fob or smartphone. This makes it significantly more difficult for criminals to gain unauthorised entry to your systems and make unauthorised payments.
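The "PIN + code" check described above, sketched from the server side as an added example (not Netstar's or any token vendor's code). It assumes the fob or app implements standard RFC 6238 TOTP with 6-digit codes; the class name, the 4-digit PIN and the shared secret used with it are constructed for illustration.

```python
import hashlib
import hmac
import struct

STEP = 30     # seconds a code stays valid, as described on the page
DIGITS = 6    # assumed code length


def totp(secret: bytes, at: float, step: int = STEP, digits: int = DIGITS) -> str:
    """RFC 6238 code for the time step containing `at` (Unix seconds)."""
    counter = int(at // step)
    mac = hmac.new(secret, struct.pack(">Q", counter), hashlib.sha1).digest()
    offset = mac[-1] & 0x0F                      # dynamic truncation (RFC 4226)
    value = struct.unpack(">I", mac[offset:offset + 4])[0] & 0x7FFFFFFF
    return str(value % 10 ** digits).zfill(digits)


class PinTokenVerifier:
    """Hypothetical verifier: checks 'PIN + code' and refuses code reuse."""

    def __init__(self, pin: str, secret: bytes, drift_steps: int = 1):
        self.pin = pin                   # simplification: store a salted hash in practice
        self.secret = secret             # seed shared with the key fob or app
        self.drift_steps = drift_steps   # tolerate small clock skew on the token
        self.last_counter = -1           # highest time step already accepted

    def verify(self, passcode: str, now: float) -> bool:
        if len(passcode) != len(self.pin) + DIGITS:
            return False
        pin, code = passcode[:len(self.pin)], passcode[len(self.pin):]
        pin_ok = hmac.compare_digest(pin.encode(), self.pin.encode())
        current = int(now // STEP)
        first = max(0, current - self.drift_steps)
        matched = None
        for counter in range(first, current + self.drift_steps + 1):
            expected = totp(self.secret, counter * STEP)
            if hmac.compare_digest(code.encode(), expected.encode()):
                matched = counter
        # Reject a wrong PIN, a stale or wrong code, and any replayed time step.
        if not pin_ok or matched is None or matched <= self.last_counter:
            return False
        self.last_counter = matched      # one use only: burn this time step
        return True
```

A real deployment would also rate-limit failed attempts, since a 6-digit code on its own can be guessed by repeated tries within the validity window.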
Two factor authentication is only one piece of the security puzzle
With Netstar’s IT security package, two factor authentication will be required when logging on to any of your company’s machines, as well as when logging on to any server or machine remotely.
- Your data will be held in our secure tier three data centre (based in London, a requirement for FCA compliance)
- Access to the data centre also requires multi-factor authentication (PIN and card entry, biometric palm scans). Our data centre will form an integral part of your security and your disaster recovery plan (another requirement for FCA compliance).
- Your data is backed up every fifteen minutes, and you can be fully operational again within four hours (but you can continue to work from your most recent backup in the data centre).
Find out more about our security plans and how we can help you maintain FCA compliance: