European Banking Authority requires Two Factor Authentication for payments from August 2015
The deadline for EU companies wishing to make international payments to implement two factor authentication is fast approaching!
From 1st August 2015, the European Banking Authority (EBA) will require companies wishing to make international payments across the EU to use “strong authentication”.
This is defined by the EBA as using two or more of:
- Something only the user knows
- Something only the user possesses
- Something the user is (e.g. fingerprint, palm scan)
Stay compliant and reduce risk
Two factor authentication will soon be required by the EBA for compliance. It will also significantly decrease your risk of cyber-attack and help you to stay FCA compliant.
Two factor authentication makes your credentials much more secure than a complex password. Even the most secure passwords can be cracked. Single factor authentication (i.e. a password only) is vulnerable to brute force hacks, phishing scams where you are tricked into voluntarily giving up your password, and user error such as writing passwords down (see 10 ways your employees compromise your business security).
Did you know?
57 percent of EU data breaches between 2005 and 2014 involved theft, with over 570 million records stolen over 10 years and 42 percent involving external attacks from criminal hackers. Many of these could have been prevented with two factor authentication (see seven other ways to prevent data loss).
What is two factor authentication?
Two factor authentication adds a second layer of security which must be passed through in order to gain access. This makes it significantly more difficult for a criminal to gain access to your systems.
With two factor authentication, your user name and password are still required. In addition, a randomly generated pass code or password is required, usually generated by a key fob or smartphone app. This code must be preceded by a PIN, which only you should know, and the code is only valid for one use within a set period of time, usually about 30 seconds, before a new one needs to be generated.
For example, to log in you would need to enter:
- User name
- PIN + randomly generated code (valid for 30 seconds)
As the code is only valid for 30 seconds, anyone attempting to gain access to your account must know your password and your PIN, and must also have your key fob or smartphone. This makes it significantly more difficult for criminals to gain unauthorised entry to your systems and make unauthorised payments.
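How a server could check the "PIN + code" entry described above, as an added example that is not from the original article or from Netstar's product. It assumes the code is a time-based one-time password in the style of RFC 6238 (HMAC-SHA1, 6 digits), which the article does not specify; the `Token` class and the sample secret, PIN and salt are constructed for illustration.

```python
import hashlib, hmac, struct, time

STEP = 30      # seconds a code stays valid, as described above
DIGITS = 6     # assumed code length

def totp(secret: bytes, counter: int) -> str:
    """RFC 4226 dynamic truncation over HMAC-SHA1 of the time-step counter."""
    mac = hmac.new(secret, struct.pack(">Q", counter), hashlib.sha1).digest()
    offset = mac[-1] & 0x0F
    value = struct.unpack(">I", mac[offset:offset + 4])[0] & 0x7FFFFFFF
    return str(value % 10 ** DIGITS).zfill(DIGITS)

def pin_hash(pin: str, salt: bytes) -> bytes:
    # Store a salted, slow hash of the PIN, never the PIN itself.
    return hashlib.pbkdf2_hmac("sha256", pin.encode(), salt, 100_000)

class Token:
    """Server-side record for one user's key fob or app (hypothetical structure)."""
    def __init__(self, secret: bytes, pin: str, salt: bytes):
        self.secret, self.salt = secret, salt
        self.pin_digest = pin_hash(pin, salt)
        self.last_used = -1          # last time step accepted, for single use

    def verify(self, passcode: str, now=None) -> bool:
        """Check 'PIN + code' typed as one string; accept each code only once."""
        counter = int((time.time() if now is None else now) // STEP)
        pin, code = passcode[:-DIGITS], passcode[-DIGITS:]
        # Constant-time comparisons so timing does not reveal which part failed.
        pin_ok = hmac.compare_digest(pin_hash(pin, self.salt), self.pin_digest)
        code_ok = hmac.compare_digest(code.encode(),
                                      totp(self.secret, counter).encode())
        if not (pin_ok and code_ok) or counter <= self.last_used:
            return False
        self.last_used = counter     # burn this time step so a replay fails
        return True

if __name__ == "__main__":
    # Constructed sample values; the secret is the RFC 6238 test key.
    fob = Token(b"12345678901234567890", "4821", b"constructed-salt")
    entry = "4821" + totp(fob.secret, int(time.time() // STEP))
    print("first use:", fob.verify(entry), "| replay:", fob.verify(entry))
```
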
Two factor authentication is only one piece of the security puzzle
With Netstar’s IT security package, two factor authentication will be required when logging on to any of your company’s machines, as well as when logging on to any server or machine remotely.
- Your data will be held in our secure tier three data centre (based in London, a requirement for FCA compliance)
- Access to the data centre also requires multi-factor authentication (PIN and card entry, biometric palm scans). Our data centre will form an integral part of your security and your disaster recovery plan (another requirement for FCA compliance).
- Your data is backed up every fifteen minutes, and you can be fully operational again within four hours (but you can continue to work from your most recent backup in the data centre).