Blog

(2 Minute Read) No-one thought complying to PSD2 was going to be easy. This revised Payment Services Directive is going to revolutionise the payment services industry but this is going to take time. Delaying until 2021 will ensure organisations find the best solution to make the necessary changes and ultimately ensure online payments within Europe are safer, faster, cheaper and more convenient. Last year, cyber incidents increased by 1000% and fraud losses on UK ‘card not present’ transactions 47%.…

Here, Dr Michael Scott considers digital signatures and the verification they provide in today’s digital world. (4 Minute Read) Digital signature is an attempt to provide a digital analogue of the human signature. Before getting into that, let’s look again at the human signature, and what it provides. The hand-written human signature provides irrevocable authentication of a document. You sign something, you are committed to it, and you can’t deny it later.…

One of the biggest issues in security today is that of secure identification and the misuse of stolen credentials to gain fraudulent access. This is highlighted in recent Verizon Data Breach reports: in the 2017 report it is revealed that 62% of data breaches featured hacking with 81% of these leveraging stolen or weak passwords; in the 2018 report the authors note the considerable number of breaches due to botnets using malware to capture login details and exclude them from their analysis since “due to the sheer number of them (over 43,000 successful accesses via stolen credentials), they would drown out everything else”.…

What do Yahoo!, Equifax, and eBay all have in common aside from data breaches on an epic scale? They all rely on a user’s trust across digital networks to move their businesses forward. If your enterprise still relies on stored and shared authentication credentials (e.g. passwords) it’s only a matter of time before your company’s name (and perhaps your name as well) appear in the news related to a hack of your user database.…

Your end user has a relationship with your business application for only one reason. To do business with you. Anything that interferes with the security of that relationship not only disrupts your business, but also can place your customers at risk in other business relationships. As seen with the Equifax breach in the United States, 143 million US citizens lost control of their Social Security numbers, which are used in nearly all government and banking systems.…

Europe’s financial institutions are sleepwalking into a regulatory nightmare with security systems that are not fit for purpose to meet the requirements of the European Union’s revised Directive on Payment Services (PSD2), which was adopted in 2015. Member states have had two years to introduce the necessary changes in their national legislation in order to comply with the new rules, and firms are expected to be compliant by January 2018.…

Often a competent and experienced software engineer is tasked to implement a cryptographic algorithm. Unfortunately they may be unaware of what we call side-channels attacks. For example normally a programmer couldn’t care less about the power consumption profile of their running program. However in many situations where cryptography is deployed an attacker is in a position to monitor power consumption. And the power consumption profile may leak information about a secret cryptographic key.…

There are two key questions anyone associated with business and data need to ask themselves: Does our company still have a password database and, if so Why? The simple fact is that there is no reason for any company to have a password database anymore. It is now estimated that 81% of all hacking related breaches involve the use of stolen or weak credentials (source: DIBR). And we need to put this in the context of 8 billion authentication credentials having been stolen since 2013, with all that this implies for damage to a company’s business and brand reputation.…

In our last blog, “Post Quantum Cryptography for Grandparents”, (which you really need to read first before reading this one) we pointed out that Post-Quantum cryptography as based on the Ring Learning with Errors (RLWE) problem, can actually be quite easy to understand, despite its rather terrifying terminology. Its based on this one-way function B=As+e Where A and B are “large” polynomials and s and e are “small” polynomials. Given A , s and e , its easy to calculate B, its just a multiplication followed by an addition.…

Its actually not as complicated as it sounds. Let’s get the maths over with first. Remember polynomials? (x+1)(x+1)=x2+2x+1 This would be an example of two first degree polynomials being multiplied together to create a second degree polynomial (or quadratic). In general two n-th degree polynomials when multiplied together create a 2n-th degree polynomial result. Polynomials can also be added (3x+5)+(5x+6) = 8x+11 Don’t tell me that’s hard! For the polynomial 8x+11, the coefficients are 8 and 11.…

As we are all aware we are on the cusp of a major revolution in the auto-mobile industry. In 20 years we will all be driving electric cars and the good old petrol engine will be something we visit in museums. Already governments are legislating, and auto makers are revamping their assembly lines, to be ready in good time. In the meantime the industry has introduced a slew of “hybrid” models, which have two engines, one petrol and one electrical.…

In 2018, PSD2, the revised Payment Service Directive will be implemented which will change banking as we know it. Banks and payment services will be required to comply with new legislation which aims to improve innovation, reinforce consumer protection, and improve the security of internet payments and account access within the EU and EEA. What is PSD2? The Payment Services Directive is an EU Directive, administered by the European Banking Authority to regulate payment services and providers.…