In the new episode of the TrustTalk podcast, we interview Jacoba Sieders. She is one of Europe’s experts in identity access management, digital identity, cybersecurity, digital payment services, and privacy.
Listen to the podcast on all major podcast platforms, at https://podfollow.com/trusttalk, or via “podcasts” in the main menu of this blog post. Some quotes:
“Data used to be safe and secure within a company, within a perimeter and we could trust that if the data is in our own servers where we as a company are working with, and where we have our boundaries and our perimeter safe, we could trust data in there and we could trust the devices and the users inside because we’ve all checked them. Today, when data is all the time in transit, is connected to a lot of partners across the network, outside of our own company, people are working from home and people access data from a lot of types of devices and this big distribution of data in transit is everywhere. We have Zero Trust. And Zero Trust, this is the way, it’s what stands for the protection of data in this type of setting. How can we make sure that the data is still safe and secure, although we have Zero Trust in the location or devices or environment where that data is residing or where it’s used to. So no matter the location, even inside, we don’t trust anything. So we need new types of protection, new types of architecture, and access management to make sure that still, we can work safely.”
Payment Services Directives I and II
“The idea for setting up Payment Services Directive II, the Directive I was setting up the single European payment area. So within Europe, we could all easily make payments across Europe. That was the number one Payment Service Directive, and then number II, it expands on that. The idea was that there are banks and they sit on a lot of customer data and they know all these transactions. And that’s a big wealth, big value to have all this data. And there are payment service providers, and today we have about seven hundred of them. Think about paying PayPal and all the other, Adyen, those that provide payments, that’s their service, but they’re not really like banks. And there should be more equality between the two types of financial institutions, the Payment Service Providers, they should also have a right to get to the data and to use the trust and data that banks have gathered to make the world more equal. Make more, now, so the idea was that if we let these payment service providers access the same data that these banks own and possess and gather, they could also have some good use. They could benefit from that. So the Payment Services Directive II prescribes that every regular bank, account service provider, with a real bank account, should open up their back office, so a Payment Service Provider could access the customer’s data, the transaction data of customers, if the customers give consent and if there is a strong customer authentication, it has to be secure back door. So the Payment Service Provider could use that data and leverage on that or find new business models. And then there are two types of three types of services. The one is that accessing the customer’s data and a second one is also originating a real payment within the bank, done by PayPal, and the third one is confirming that a customer really has enough funds, when we talk about credit cards. That there is that it’s backed by a bank account that has enough funds, these three services. 
Now, of course, it means that we are as a bank, you are keeping the front door very safe and you’re audited three, twice per year and really, really strict, strict, strict evidence, blah, blah, but a payment service provider can go through the back door and get that data or look at that data and what happens with that data when it’s there, with PayPal? I can’t secure it any longer.”
Listen to the 25-minute interview on the TrustTalk podcast
Or read the transcript below
All podcasts are audio-edited by Job Dijk of Steigerstudios in Veenendaal, The Netherlands.