Cyber-security and data protection are rapidly growing concerns and hot topics for any business that feels unprepared to deal with the consequences of a hack. Whilst stringent measures are often adopted and put in place by companies, keeping ahead of the security game is key to staying safe. This is where two-factor authentication (2FA) comes in.
Cast your mind back to 2016, when news broke that Yahoo! had been embroiled in two separate data security breaches in 2013 and 2014. The 2013 hack still ranks as the largest data breach in history. Crucially, the internet search engine failed to disclose the security breach for two years after hackers stole over 3 billion user accounts with personal information. This did not end well for Yahoo! as they were presented with a $50 million bill for damages to victims, plus a further $35 million in lawyer expenses – a costly oversight.
This case perfectly demonstrates the close relationship between data protection and cyber-security and the fact that, if businesses fail to adopt a robust approach in respect of cyber-security, this can significantly increase the risk of committing a serious breach of data protection law.
Playing by the rules
Since the Yahoo! media frenzy, we’ve seen the introduction of the General Data Protection Regulation (GDPR) across Europe. It’s designed to help tighten up controls on data security and modernize laws that protect the personal information of individuals.
As an extension, new requirements for authenticating online payments will be introduced across Europe on 14 September 2019 as part of the second Payment Services Directive (PSD2). Also known as Strong Customer Authentication (SCA), this new European regulatory requirement will act to reduce fraud and make online payments more secure.
To authorize payments once SCA comes into effect, companies will need to build additional authentication into their online checkout flow, using at least two out of the three elements:
- Something the customer knows (password or PIN)
- Something the customer has (phone or hardware token)
- Something the customer is (fingerprint or face recognition)
This two-factor authentication (2FA) step adds an extra layer of security to existing measures, further protecting digital products and services.
Being proactive is a serious business
Cyber and data protection are both high on the agenda for Currencycloud and are taken very seriously given the complexity of cross-border payments and the sensitive data we hold (both inbound and outbound). With this in mind, we are already finding ways to improve security and to mitigate the risks associated with the Yahoo! case.
Currencycloud is already preparing for the extra authentication that PSD2 requires by piloting a new 2FA process. This extra layer of security will help to protect online accounts against potential threats, offering a more secure online experience. Other industry leaders will follow suit; we’re just ahead of the pack for now.
As well as logging in to the Currencycloud Direct platform as usual with your username and password, we are now asking that you download the Authy app, which takes a few seconds, and verify your identity using your smartphone or tablet.
Don’t worry: this is not an extra task to factor into your busy day. First-time users simply need to authenticate themselves via the Authy app and then continue to do business as usual. We will just check it’s you every now and then, especially if you’re logging into your account from a different device.
Implementing 2FA will add to the many ways that we ensure your data and money are protected under regulatory laws, helping you to make online payments safely and securely. It will leave you to go about your daily business safe in the knowledge that we’re taking your security seriously.