Blog EN

Blog EN

The Payments Directive PSD2 – deadline is approaching! Is your authentication solution ready for it?

What is PSD2?

PSD2 follows the original Payment Services Directive (PSD) that was adopted by the European Union in the year 2009. This regulation breaks the monopoly of banks on their customers’ data and represents an important step towards “open banking”. The new EU regulation directs financial institutions to open up their interfaces and give third party providers (TPPS) access to customer data. The third parties could leverage the data to create new & innovative services to enhance customer experience. This results in new services, such as the initiation of payments directly from an online shop – obviously, with the consent of the account holder or the customer. In short, the new EU directive aims to boost competition in European payments, encourage innovation and make money transfers more convenient and secure.

But this is nothing new and has been known for a long time. But slowly things are getting serious. The deadline to implement PSD2 is only a few days away and banks have to provide a technical interface including a test environment for payment initiation services and access to their customers’ account information. For established financial institutions, the new directive would mean both opportunity and risk.

The implications - What to keep in mind

The new directive that is set to revolutionize the payments industry, poses technical challenges to banks- Banks will have to ensure that they have the right infrastructure to support secure data-sharing across all channels via APIs and other services to TTPs while providing a strong authentication solution to secure payment transactions. There is no much time left, as by March 14, 2019, financial service providers are expected to provide a PDS2 test environment and the deadline to be PSD2-compliant, September 2019, is fast approaching.

The requirements are not really new

The challenge of secure data exchange and unique authentication is not new. Many companies outside the banking sector have already implemented this in the past. However, this is the first time that the financial services industry has been forced to interface with third parties. In order to implement the regulatory requirements accurately and on time, banks should rely on a partner who has the necessary expertise from completed customer projects and can implement the PSD2 requirements quickly. cidaas, our Customer Identity and Access Management solution (CIAM), delivers the required functionalities out-of-the-box. A comprehensive feature set ensures PSD2 conformity and the cloud service can be easily integrated into any existing IT landscape.

Secure and seamless authentication with cidaas

Based on the OAuth2 and OpenID connect standards, cidaas guarantees the secure access to accounts (XS2A) required in the PSD2 context as well as the required SCA – strong customer authentication. cidaas relies on strong multi-factor authentication methods, which also include biometric factors such as face, voice, fingerprint etc. in its two-factor authentication.

Within the framework of the PSD2, special attention must also be paid to data protection regulations. Payment service providers should process the customers’ personal data only upon obtaining their consent. The respective account-holding organization must check the consents and ensure that they are accessible and editable by the end customer himself at any given point in time. By default, cidaas supplies all features necessary for the administration of the consents. Financial institutions can thus obtain and manage the obligatory consents of the customers and at the same time grant access based on their defined preferences.

Are you impacted by the upcoming PSD2 guidelines and still need help implementing them? Please feel free to contact us or start with our free cidaas Freeplan

Read what Thomas Widmann, CEO of WidasConcepts, has to say about PSD2 and the importance of an identity and access management solution for secure and unique customer authentication.

cidaas helps financial institutions meet the requirements of the PSD2 regulation while ensuring a consistent strategy for the digital transformation of financial services providers. Read our factsheet to know how we do it.

Blog EN, News

Identity and Access Management: The business driver to boost sales in the Retail industry

Customer Identity Management is the recipe for success when it comes to making Customer Journey safe and exceptional Yael Widmann, Business Development

With the retail industry being one of the worst hit by the digital disruption wave, the most dynamic retail brands are becoming more customer-centric. Today’s digitally empowered customers yearn for more – they expect a unique shopping experience each time. Hence providing exceptional omnichannel experience has become one of the most critical goals that retailers have to achieve. A diverse range of digital & physical shopping options would only mean a diverse and humungous amount of data to manage! And this is exactly why Identity and Access management has evolved over time into a “must-have” critical business enabler that not only provides the omnichannel experience but also makes the organization more successful.

So how is such an omnichannel experience accomplished?

The customer is given the same identity across all channels, enabling the delivery of a personalized shopping experience while ensuring data protection

Easy and convenient registration for better conversions

Asking users to fill extensive forms, requesting for verification at the initial stages of the customer-conversation and the like are things of the past – In today’s digital world, this is enough reason for customers to turn to other competitors who provide them seamless access to their services.

Cidaas enables an easy and convenient registration process

  • Social Login allows the end user to register with their Social network accounts.
  • Progressive or intelligent profiling allows the creation of forms with minimal data entry requirements
  • Single Sign On (SSO) enables end-users to log on to all devices and platforms

In short: With the login and registration features, retailers are sure to make an impressive start with their customers!

Holistic User profiles to identify your customers, understand them better and provide a unique shopping experience

To begin with, understanding your customer, their behavior & interests and insights into their decision-making traits would prove crucial in delivering the experience of their choice – to keep them hooked to your business.

Cidaas CIAM solution plays a pivotal role here – like fixing the pieces of a jigsaw puzzle, cidaas analyses each of the interactions of the customer in course of time, join the dots and assesses if it was the same customer who made all these interactions and, with the help of its “progressive user profiling”, incrementally & step-by-step, builds a holistic profile of the customer. This helps is delivering personalized content and the appealing experience to the user that results in brand loyalty.

Connecting digital and real-world identities: Real time marketing across all channels

cidaas goes one step further and enables the identification of digital customers in the real world – Thanks to the feature “Real World Identification”. A link between the two identities (real world and digital) can be accomplished with the help of installed IP cameras, beacons or NFC-based devices such as smartphones. This extends the Omni-Channel experience to include the stationary point-of-sale and allows retailers to run targeted marketing campaigns.

Consider the scenario in which the customer is in the vicinity of your store – cidaas leverages beacons to identify the customer and correspondingly present customized offers on his registered mobile devices, that entice him into visiting your store. Or, say, the customer is already in your store – cidaas could inform the customer about special offers or discounts.

Want to track customer traffic within your store? Cidaas uses NFC technology and IP cameras to help you figure out the most and least visited areas of your store – accordingly, you may want to consider refining your marketing strategies.

cidaas can be easily integrated into existing systems through open interfaces and offers plenty of scope for customization – from the defining the fields to be displayed on the registration pages to the design of an individual look and feel.

It’s not too late to seriously consider investing in an all-in-one comprehensive and reliable CIAM solution like cidaas – because the goal is not to just to sell a product, but to build a long-lasting relationship of confidence and faith with the customer.

Read our freely downloadable factsheet to know more about how retailers can profit from a CIAM solution.

Interested in knowing how cidaas can add value to your company? Then arrange your personal demo appointment today: Schedule a Demo

Blog EN

Multi-Factor-Authentication against data theft

Digitalization has, no doubt, created a spike in cyberattacks. The recent online attack on politicians and celebrities that led to the arrest of a 20-year-old in Hesse, is proof to the same. “It is possible to carry out data attacks from anywhere in the world – even from children’s rooms. This can have serious consequences for public life”, quotes Ungefuk, from the Attorney General’s office on the issue.

True.

IT Security has become a critical business function without which the very reputation of any company could land at stake. However, many companies still overlook the very many aspects of security. This results in significant gaps, which hackers easily exploit. Most of the famous hacks are inexpensive, easy and lucrative, yielding huge money in exchange for stolen data.

Authentication is indispensable in protecting data or resources – Be it entering an office premise, backing up confidential information, performing an online banking transaction or even making an online purchase. The growth of the “Internet of Things”, with a massive number of sensors and other devices connected to the internet, only adds on to the pressing need for authentication.

If you are the one, who uses the same password across platforms or slight variations of it or write it down, then for your own good, you will need to change. Passwords, as we know, have outlived their time. However, the process of authentication has evolved – to stay one step ahead of cybercriminals who find it easy to crack conventional passwords, and simultaneously maintain the optimal customer experience.

Thinking beyond passwords, organizations today rely on the fact that Biometrics certainly serves as a unique key to a person’s identity. This, when combined with smart fraud detection based on Big Data Analytics, Machine Learning, user profiling and predictive factors, could be leveraged to enhance authentication and ensure that all the requirements of data protection and cybersecurity are met.

Multi factor Authentication (MFA) using biometric recognition technology, hence, ensures adequate security and acts as a shield that safeguards data and resources. The following methods could be used and combined for effective identification and authentication:

  • Face Recognition: Users identified using advanced, biometric facial features
  • Voice recognition: Identification by voice
  • Fingerprint recognition: Touch based identification
  • Pattern: Identification through a user-drawn pattern
  • Push notification: Identification by the confirmation of message by the user only on the configured device

These methods could be leveraged to facilitate password-less authentication – Where the user could just scan a code or even their face using their phone’s camera to gain access to their devices. This not only provides an enhanced user experience but could also minimizes successful phishing attacks.

A two-factor authentication (2FA) only heightens security – for example, finger or face recognition in addition to a password validation provides the required “strong security”. Triggering 2FA in case of suspicious activities detected using fraud detection systems could help in protecting data and keeping fraudsters at bay.

Hence, 2-Factor authentication combined with biometric technologies would certainly be the way ahead, making it difficult to gain unauthorized access to data or information across devices, platforms and systems.

The panacea to the global “Data theft epidemic” is certainly a robust identity management solution. A modern, Big Data Technology based Customer Identity and Access Management (CIAM) software is essential not only to manage data and identities, but also to provide the appropriate authentication mechanism – for example, to allow the distribution of roles and access rights to the employees of an organization and correspondingly authorize them, be into physical or digital spaces.

cidaas, with its in-built intelligent fraud detection system, offers a wide range of authentication options to ensure that data is never compromised. Users can benefit from its array of MFA options for password-less authentication/2FA and role-based/access-based authorization mechanism that provides the best-in-class security. With cidaas, you can confidently steer your business in the right direction – into a highly secure digital future!

You are already one step ahead and want to see our solution in action? Get your free demo version today: https://cidaas-in-action.cidaas.de/

safeguards data and resource

Blog EN

The right game tactics for supporting your fans digitally

 

Digitization is progressing across various industries at an ever increasing pace – including the world of sports. The Digital Market offers sports fans a host of channels to access services and offerings from their favorite club. But to excite fans today and to provide personalized attention throughout the game, a quick and above all, convenient access to the digital offerings and services is a must.

Improving the “Fan Experience” has become the core of the brand strategy for the sports and entertainment industry. Only those who can excite their fans can retain them.

The biggest challenge here is probably the overflow of data, caused by the variety of interactions that fans can perform today. This almost infinite amount of information is already gathered in most cases today, but unfortunately often in different data buckets. To put it in the language of a coach: it’s like training each player of your team individually and letting the team play as one whole team, only when the right time comes. With this tactic a game can be won badly. However, if you train everyone together, the world looks completely different.

If you apply this scenario now to the world of data, you can not ignore identity and access management. Such a software – preferably cloud-based – offers an intelligent solution for the various fan support stations throughout the course of a game.

The infographic shows how the right tactics for taking care of fans could practically look like:

Ticket purchase

A fan informs himself in advance of a game about quota and prices of tickets, and would like to order them right away online in the ticket shop. With cidaas the fan registers quickly and easily via social login registration into the online shop. The single sign-on function allows the user to access all contents and services after a one-time login, across all portals. In accordance with the EU GDPR, he gives his consent to the use of his data during the ordering process. This information is stored by cidaas. If the fan thinks differently over time, he can adjust his preferences of data usage through the self-service option.

Shop offers

If a fan is a real fan, he would want to be well-provided accordingly. Personalized offers can increase sales of merchandise or special game offers. Data collected through email campaigns, advertising platforms or ticket purchases can be used to create a complete fan profile using big data technologies. This now contributes to the fact that organizers can align offers to individual needs and interests of the fans and thus not only improve customer journey, but also increase their own sales.

Access control to the stadium on the day of the game

Physical access control is the linchpin of a fan’s customer experience, especially at sports events – because who likes to stand in a queue for hours? With the physical access control function, cidaas offers an intelligent solution for access control to the stadium, but also inside the building, such as access to the VIP area. Authentication is based on the physical identity of a person. Different access rights can be assigned – secure and with reduced time and costs. Various methods of multi-factor authentication using Biometrics are available, for e.g. Face recognition, speech recognition, or Touch ID.

Visit to the fan shop before the game begins

The fans are now in the stadium-can the organizer can lean back? No way! On entering the stadium, the “Fan experience” begins. With the help of WiFi, beacons or apps, the digital fan now gets a real identity and can be directly provided with information on his smartphone, like e.g. about special offers in the fan shop or about special food and beverage offers during the game. The organizer benefits not only from higher sales, but also from detailed reports on customer traffic, the most visited areas of fan shops, as well as customer interest and behavior.

Intelligent identity and access management is a must for every club

Intelligent identity and access management is therefore a must for the sports and entertainment industry. Our Customer Identity Management solution cidaas includes all the necessary functionalities for managing user identities in digital business processes.Our cloud service is cross-platform and can be quickly and easily integrated into existing processes. Obviously, you can continue to use your current user authentication.

Do you want to learn more about cidaas? If so, contact us today at 07044 – 95 103 200 or at sales@cidaas.de

You are already one step ahead and want to see our solution in action? Get your free demo version today: https://cidaas-in-action.cidaas.de/

Blog EN

cidaas : Release of Executive View by KuppingerCole analysts / Webinars / Events

Passwords are like undergarments. You must not allow them to be seen, they have to be changed regularly, and should not be swapped with strangers.” – Chris Pirillo would say now. The KuppingerCole analysts took a close look at cidaas and published an executive view on our modern customer identity management solution.

The Executive View outlines cidaas and summarizes the basic and prominent features of cidaas very well. An elementary advantage of cidaas lies in its modern micro service architecture, which enables a clean separation and scaling of the individual services as well as continuous improvement. In addition, cidaas impresses with its extensive application of Big Data technologies and concepts. For example, cidaas Fraud Detection creates several additional layers of security and intelligently queries in a second factor, if required, from the extensive set of multifactors (Multifactor Authentication). With the various multifactor methods, a Password-free authentication is also available. Moreover, cidaas recognizes itself as the event trigger of the business software and supports the personalization of services and automation of marketing. An analysis of the user behaviour serves as the foundation, based on which the business software is informed on the particular behaviour of the User in Real time, the simplest example here, being the change of an iOS follower on Android devices!

Our “Real World Identification” services were also highlighted by KuppingerCole. With these functionalities, it is possible to link the real identitiy with the digital identity, and to cater to the customer and his needs in a better and personalized way. With its SDKs for iOS and Android, for example, cidaas helps to recognize users in local shops via geofencing or beacons and creates a link to the user’s digital activities. Thus, a personalized shopping experience in a local business facility of a company is made possible.

cidaas is rounded off with its very good Consent Management functionalities (Compliance management). Cidaas follows the Kanatara Consent Receipt specifications and offers many additional features that not only accommodates the GDPR but also allows a flexible approach to the most diverse use cases. This includes, for example, the ability to provide the Consent not only at login, but also based on action and context.

cidaas convinces not only with its extensive set of functions / features, but also with its flexible expandability options, which are also essentially built on the Microservice architecture. For example, it is very easy to integrate further multifactors or own connectors for connecting to an existing user base. In this way, cidaas is optimal and easy to integrate into the IT landscape.

Read the complete Executive View here.

By participating in the Customer Identity World (CIW) in Amsterdam and Singapore, we are taking the next steps with KuppingerCole. In addition, we are represented at many other conferences in Europe and Asia, ahead of IT-SA in Nuremberg and the Future Banking Summit in Mumbai.

We are also pleased to announce two partnerships with the German Chamber of Commerce to bring cidaas to France and Italy. In this context, we are currently building partnerships with integrators in Italy and France and have also been able to attract some interested parties/customers.

There are of course many more cool and useful features in the pipeline, including new functionalities in the field of “Internet of Things”.

We would like to thank John Tolbert and KuppingerCole for their great review and valuable inputs. We look forward to the Webinar on 11th September and the conferences in Amsterdam and Singapore.

If you want to know more about cidaas, please leave us your contact details and we will contact you. Or register on cidaas-in-action and experience some of our features live!

Blog EN

Biometric – future oriented Identity and Access Management

Biometric – future oriented Identity and Access Management

Biometric authentication with cidaas
Unlocking their smartphone or laptop with the finger scan is nothing new for many users. Biometrics technology makes this possible. Because it is the technology that is best able to ensure a clear identification. Irises, fingerprints and faces are some of the best-known features that make each person unique and suitable for biometric authentication.

Biometric – the automated measurement of specific characteristics

The biometric features of each human being are unique and therefore very personal. Recognition methods using biometrics for people identification are not new. Francis Galton laid the scientific foundation for the use of the fingerprint in 1892. Fingerprint scans are currently the most widely used biometric method worldwide. However, in comparison to other biometric methods, they are comparatively unsafe, since it is easier to falsify or emulate the features. In addition, moisture, dirt or even a simple hand cream can affect the accuracy of the measurements. But compared to entering pin numbers for e.g., this detection method is much safer. In any case, biometric authentication offers a higher level of security than other methods of identification. A much-improved capability is provided by multi-factor authentication, for e.g. the combination of factors are used for unique identification including biometric authentication (such as face, speech, or fingerprint).

The advantage of future oriented identity and access management, which includes biometrics, is that it makes much harder for unauthorized people to gain access to, for example, a physical location, a computing device, a network, or a database. Biometrics can be used for internal access to portals, servers and systems of the enterprises, above all also in the customer communication. Biometric solutions are user-friendly and offer the highest level of security.

User identification and highest security is also what cidaas stands for – a cloud-based customer identity software solution from WidasConcepts. Multi-factor authentication verifies customer or employee identity over a second channel and stops fraudulent attempts or suspicious cases with built-in tools.

WidasConcepts has received the coveted “Software Hosted in Germany” quality seal for its cloud-based software solution cidaas. The seal is only awarded to software solutions that use German data centers and German contract law. Plus, it is certified that the German standard for data protection (BDSG) is complied with. A fact that makes it attractive for companies to use cidaas, the identity solution that implements biometrics technology.

 

Blog EN

„The EU General Data Protection Regulation“ (GDPR)

The EU General Data Protection Regulation (GDPR) is the most important change in data privacy regulation in 20 years”.

Find out how cidaas can support your company to become GDPR-ready.

In April 2016, the GDPR was finally approved by the EU Parliament. On 25 May 2018, it will come into effect.

What you need to know:

The GDPR is the new uniform data protection regulation across the European Union. European law holds precedence over conflicting national laws.
The directive is binding in its entirety and directly applicable in all EU member states. Thereby, companies with customers based in the EU too are affected.
The GDPR serves to strengthen the protection of personal data and the rights of data subjects.

The requirements set forth by the GDRP are strict. Violations are punished by high fines up to 4 percent of the annual sales.

How Customer Identity Management can support the implementation of the GDPR:

1.      Consent Management

Informational self-determination of every single individual provides the basis of the GDRP. As soon as the data subject gives his unambiguous consent, or a legal allowance is granted the data processing is permitted (principle of prohibition).

Which legal requirements have to be met?

  • Companies should collect the consent of the data subject at the start of data collection e.g. during the registration process or if a change of the purpose of use occurs (art. 6 (1) point (a) GDPR)
  • The data subject can withdraw his or her consent. The withdrawal shall be as easy as giving consent (art. 7 (3) GDPR)
  • The company must provide a proof of consent on request (formal requirement, mandatory record) (Art. 7 Abs. 1 EU-DSGVO)

Cidaas provides a built-in Consent Mangement feature, which allows companies to manage the consent of their customers in a GDRP compliant Consent Management System.

2.      User Self-Service

  • According to art. 5 (1) point d) personal data needs to be kept accurate and up-to-date. The cidaas‘ User Self-Service companies can hand back control to the users and ensure, that the data is up-to-date.
  • Under the GDPR companies have a reinforced information obligation. A User Self-Service portal supports to comply with these obligations.

3.      Multi-Factor-Authentication

The GDPR requires the implementation of technical and organizational measures (TOM) to protect personal data. Cidaas provides high security with techniques like Multi-Factor-Authentication and biometric login methods (art. 32 GDPR).

4.      User Management

The right of deletion is another part of GDPR. Cidaas‘ User Management simplifies the management of customer profiles and with that, fulfill the requirement of deleting personal data on request (art. 13 GDPR).

5.     A single identity across multiple platforms

Companies take a significant step forward being GDPR compliant, having a single identity across all platforms, apps etc. instead of multiple separated user profiles.

6.      Role and Group Management

Cidaas guards personal data and protects them against unauthorized access. Moreover, cidaas logs/records continuously, as to who accessed and edited what data. Thus, every data entry, edit, delete made on personal data is clear (art. 5 (1) point f) GDPR).