Latest news with #PSD2
Khaleej Times
3 days ago
- Business
- Khaleej Times
Shifting sands: The UAE is solidifying its global crypto takeover
The Middle East is not taking a back seat in the digital revolution. Once it banked on its natural resources like oil, today, it leads in the digital asset sphere. Europe and the USA are the spark that ignited the crypto adoption race, but it is Middle Eastern countries like the UAE that now hold the torch. The Western complexity The Western hemisphere has had crypto regulations for some time now, and authorities are updating digital asset regulations in 2025. However, unlike the UAE (with its well-thought-out planning), jurisdictions like the EU are running headlong into a quagmire. Markets in crypto-assets (MiCA), payment services directive (PSD2), transfer of fund regulations (TFR), and other rules meant to smooth out wrinkles are more of a hindrance. Carrying different requirements, sometimes these overlap, confusing an already complex environment. And member countries having their own internal regulations simply add more layers of uncertainty. In an industry where less is more, the UAE's course of action not only makes sense, but it has also helped the tiny nation lead digital assets and crypto innovation. Crypto industry gravitating towards the East Rather than take a stumble, learn, and improve approach, the UAE laid the foundations for a transparent, efficient, and effective framework back in 2017. Studying what other jurisdictions lacked, the Virtual Assets Regulatory Authority (VARA) was established in 2022. VARA is the first ever independent regulatory authority for crypto assets, with the most concise, user-friendly, and clear vision. Unlike the European approach, VARA offers legal clarity, strategically encourages a pro-blockchain environment, and integrates crypto into the mainstream financial system. While other major players like the EU only concentrate on regulating the industry (with complex and confusing rules), industry players are looking for better pastures. For many, the answer is the digital asset-friendly Emirates. First mover advantage Aiming to facilitate institutional investors and HNWI looking for crypto exposure, Dubai-based World Golden Gate (WGG) takes full advantage of VARA clarity. Understanding the benefits of a regulatory compliant platform early on, Dmytro Kostin, the founder of WGG, kicked off the licensing process before the mainstream industry followed. Under his vision, WGG is awaiting Stage 2 license clearance. While the final approval is pending, advancing into the second stage reflects WGG's compliance with VARA through a robust internal framework and understanding of how this can pivot the firm in the right direction. WGG acts as a principal trader, executing 80% of its clients' orders against itself. No counterparty risk, no public order books. Other features include on/off-ramping for fiat, enabling hassle-free purchase and sale of crypto. With non-custodial services and 1:1 backing, World Golden Gate aims to be a highly secure and transparent crypto brokerage service. Built with VARA's regulatory framework in mind, its operational model adds an element of trust that many others lack. The Emirates sees virtual assets not just as an industry that needs oversight, but as a technology that is being integrated at all levels. When a country starts using an innovation itself, it not only becomes a friendly place for entrepreneurs, startups, and the industry, but also a partner in the progress. Once behind Europe and the USA, the UAE now leads the digital asset sphere. In the midst of all this, World Golden Gate is prepping up to take the full regulatory-friendly environment of the UAE.
Techday NZ
5 days ago
- Business
- Techday NZ
Yubico launches Enhanced PIN YubiKey to boost enterprise security
Yubico has introduced the YubiKey 5 – Enhanced PIN, which is available through its YubiKey as a Service programme, providing additional PIN capabilities for enterprises seeking advanced authentication measures in 175 countries and 24 territories. The latest product from Yubico comes pre-configured with features intended to improve PIN management and user enforcement. Included in the configuration are a mandatory minimum PIN length and requirements for increased PIN complexity. This helps organisations meet evolving policy, compliance, and audit requirements for user authentication. As cyber threats facing enterprises continue to evolve, government standards and regulations regarding secure authentication are also changing. Enhanced authentication requirements, including those outlined in PSD2, the General Data Protection Regulation (GDPR), and the upcoming Cyber Resilience Act (CRA), are prompting organisations across multiple industries to update their authentication methods. These regulations underscore the importance of resisting unauthorised access, particularly credential phishing attacks. Industry standards are trending towards the use of phishing-resistant multi-factor authentication (MFA). Some organisations are requiring longer PINs, with a minimum of six characters, as well as increased complexity on hardware security keys, in order to strengthen security protections for their users. The new Enhanced PIN features are available on the YubiKey 5 NFC and YubiKey 5C NFC models, specifically through the YubiKey as a Service platform. Notable capabilities include PIN complexity set by default, a minimum PIN length requirement of six characters, comprehensive PIN management for users with enforcement policies applied by default, and always-on user verification (alwaysUV). In addition, a unique FIDO AAGUID is utilised to support policy enforcement. "Customers now have the ability to easily meet policy and audit requirements, as well as evolving compliance and regulatory guidance for authentication, with an 'off-the-shelf' product." The introduction of the Enhanced PIN YubiKeys aims to support organisations in meeting new regulatory and authentication standards in markets such as the European Union and Asia-Pacific Japan (APJ) region. Regulatory pressures for phishing-resistant authentication solutions are intensifying in these regions, increasing the demand for these types of security keys. Yubico has responded to this by expanding the reach of its YubiKey as a Service to include all European Union countries, and its YubiEnterprise Delivery has been broadened to a further 117 locations globally. The company's total distribution now covers 199 locations, which includes 175 countries and 24 territories. This expansion is designed to support both office-based and remote employees, effectively doubling the delivery coverage compared to previous years. Prior to this release, Yubico launched the YubiKey 5.7 firmware and the Security Key – Enterprise Edition, which introduced optional PIN complexity for devices running firmware version 5.7 or later. The Enhanced PIN capability now arrives as a standard feature for supported models acquired through the company's service platform. Organisations adopting these new keys are better equipped to streamline their approach to phishing-resistant authentication in markets where regulatory compliance is a growing concern. The expanded reach includes increased availability in regions such as the United States, Canada, Japan, Singapore, Australia, India, and the United Kingdom. The expanded service and new key features reflect Yubico's effort to address the challenges posed by a changing cybersecurity landscape and varying global regulatory requirements, supporting enterprise customers in their transition to more robust authentication systems.
Scoop
5 days ago
- Business
- Scoop
Yubico Delivers PIN Advancements With New YubiKey 5 Enhanced PIN Keys
Press Release – Yubico Yubico is committed to meeting the growing demand for phishing-resistant YubiKeys and enabling faster, more affordable delivery of keys to markets like the EU and APJ, where regulatory pressures for phishing-resistant authentication are intensifying. Yubico is today introducing the YubiKey 5 – Enhanced PIN, available exclusively via YubiKey as a Service, providing enterprises with seamless flexibility to roll out device-bound passkeys with impactful cost savings at scale to 175 countries and 24 territories. Pre-configured with the ability to deliver great PIN controls and user enforcement, the YubiKey 5 – Enhanced PIN features a minimum PIN length and an increase in overall PIN complexity. Customers now have the ability to easily meet policy and audit requirements, as well as evolving compliance and regulatory guidance for authentication, with an 'off-the-shelf' product. To prepare for continuously evolving cyber threats, governments around the world are adapting and updating authentication requirements for online services, which directly impact thousands of organisations and their employees. While there's currently no universal regulation for more robust multi-factor authentication (MFA), the need is highlighted across a range of requirements, including PSD2, GDPR, and the upcoming Cyber Resilience Act (CRA), emphasising the importance of ensuring cyber resilience against unauthorised access from credential phishing attacks. The cybersecurity industry agrees, with best practices leaning towards adoption of phishing-resistant MFA and some organisations requiring longer PINs (at least six characters) and PIN complexity on security keys for the most robust protection. Features are now available for the YubiKey 5 NFC and YubiKey 5C NFC models on the Enhanced PIN product via YubiKey as a Service, including: PIN Complexity turned on automatically Minimum PIN Length set to 6 characters Complete PIN control and user enforcement policies for all users via alwaysUV (always user verify) turned on by default Unique FIDO AAGUID to allow policy enforcement The added YubiKey 5 – Enhanced PIN keys offer the ability for organisations in these countries to be able to meet the latest authentication regulations and requirements, and stay ahead of evolving cyber threats. Yubico is committed to meeting the growing demand for phishing-resistant YubiKeys and enabling faster, more affordable delivery of keys to markets like the EU and APJ, where regulatory pressures for phishing-resistant authentication are intensifying. To meet continued global demand for phishing-resistant YubiKeys and varying regional requirements, Yubico recently announced the expanded availability of YubiKey as a Service to all countries in the European Union (EU), as well as YubiEnterprise Delivery across 117 new locations around the world. Now totalling 199 locations (175 countries and 24 territories), Yubico has been able to double the existing delivery coverage of YubiKeys to both office-based and remote users. This new release follows the introduction of the YubiKey 5.7 firmware and the Security Key – Enterprise Edition last year, where PIN complexity has been an optional feature available on YubiKeys with firmware version 5.7 or later. These advancements allow organisations to be more agile and flexible in their adoption of phishing-resistant YubiKeys, and build upon the company's existing reach in markets such as the United States, Canada, Japan, Singapore, Australia, India and the UK.
Scoop
5 days ago
- Business
- Scoop
Yubico Delivers PIN Advancements With New YubiKey 5 Enhanced PIN Keys
Yubico is today introducing the YubiKey 5 – Enhanced PIN, available exclusively via YubiKey as a Service, providing enterprises with seamless flexibility to roll out device-bound passkeys with impactful cost savings at scale to 175 countries and 24 territories. Pre-configured with the ability to deliver great PIN controls and user enforcement, the YubiKey 5 – Enhanced PIN features a minimum PIN length and an increase in overall PIN complexity. Customers now have the ability to easily meet policy and audit requirements, as well as evolving compliance and regulatory guidance for authentication, with an 'off-the-shelf' product. To prepare for continuously evolving cyber threats, governments around the world are adapting and updating authentication requirements for online services, which directly impact thousands of organisations and their employees. While there's currently no universal regulation for more robust multi-factor authentication (MFA), the need is highlighted across a range of requirements, including PSD2, GDPR, and the upcoming Cyber Resilience Act (CRA), emphasising the importance of ensuring cyber resilience against unauthorised access from credential phishing attacks. The cybersecurity industry agrees, with best practices leaning towards adoption of phishing-resistant MFA and some organisations requiring longer PINs (at least six characters) and PIN complexity on security keys for the most robust protection. Features are now available for the YubiKey 5 NFC and YubiKey 5C NFC models on the Enhanced PIN product via YubiKey as a Service, including: PIN Complexity turned on automatically Minimum PIN Length set to 6 characters Complete PIN control and user enforcement policies for all users via alwaysUV (always user verify) turned on by default Unique FIDO AAGUID to allow policy enforcement The added YubiKey 5 - Enhanced PIN keys offer the ability for organisations in these countries to be able to meet the latest authentication regulations and requirements, and stay ahead of evolving cyber threats. Yubico is committed to meeting the growing demand for phishing-resistant YubiKeys and enabling faster, more affordable delivery of keys to markets like the EU and APJ, where regulatory pressures for phishing-resistant authentication are intensifying. To meet continued global demand for phishing-resistant YubiKeys and varying regional requirements, Yubico recently announced the expanded availability of YubiKey as a Service to all countries in the European Union (EU), as well as YubiEnterprise Delivery across 117 new locations around the world. Now totalling 199 locations (175 countries and 24 territories), Yubico has been able to double the existing delivery coverage of YubiKeys to both office-based and remote users. This new release follows the introduction of the YubiKey 5.7 firmware and the Security Key - Enterprise Edition last year, where PIN complexity has been an optional feature available on YubiKeys with firmware version 5.7 or later. These advancements allow organisations to be more agile and flexible in their adoption of phishing-resistant YubiKeys, and build upon the company's existing reach in markets such as the United States, Canada, Japan, Singapore, Australia, India and the UK.
Time of India
05-07-2025
- Business
- Time of India
RBI acts tough against cyber frauds, directs all banks to use DoT's FRI technology to protect bank customers
Academy Empower your mind, elevate your skills What is the Financial Fraud Risk Indicator and how can banks prevent cyber frauds occuring with customers? FRI helps banks take real time preventive measures to stop cyber frauds What experts say about DoT's FRI technology? Customers enjoy more secure transactions, early alerts, and reduced losses. Banks get data-driven tools, real-time decisioning, and regulated guidance from RBI. Overall ecosystem sees improved resilience in India's digital payment landscape. Real-Time Threat Detection Uses AI and machine learning to identify fraudulent activities (e.g., phishing, account takeovers, payment fraud) in real time. Analyses behavioural patterns to detect anomalies. Risk Scoring & Fraud Prevention Assigns risk scores to transactions, logins, or user activities to flag potential fraud. Helps businesses block high-risk transactions before they occur. Automated Intelligence & Threat Feeds Integrates threat intelligence from multiple sources (dark web, breach databases) to identify compromised credentials or fraud schemes. Proactively alerts customers about emerging fraud tactics. Collaboration with Fintech & Banks Fraud detection models help financial institutions block suspicious transactions. Reduces financial losses for customers. Identity Verification & Authentication Enhances identity proofing with biometrics, device fingerprinting, and behavioural analytics to prevent impersonation fraud. Adaptive Fraud Mitigation Continuously learns from new fraud patterns to improve detection accuracy. Reduces false positives, improving customer experience while maintaining security. Regulatory Compliance & Reporting Helps organizations comply with anti-fraud regulations (e.g., PSD2, GDPR) by providing audit trails and fraud analytics. Cross-sector integration Combines telecom, banking, and cybercrime reports to produce a real-time fraud risk indicator (FRI) per mobile number. Actionable risk scoring (Medium/High/Very High) This gives banks immediate, automated inputs during transactions—something few countries offer in this structured way. RBI-Mandated Usage Unlike many countries where data-sharing is voluntary or siloed, India has made this integration a regulatory requirement. API-first model Makes it scalable, real-time, and platform-agnostic—ready for adoption by private banks, fintechs, and payment gateways. False Positives / Data Bias: If mobile numbers are wrongly flagged (e.g. recycled SIMs), customers may face unfair friction. If mobile numbers are wrongly flagged (e.g. recycled SIMs), customers may face unfair friction. Privacy & Consent: Cross-sharing of telecom and banking data must be privacy-conscious under the DPDPA Act. Cross-sharing of telecom and banking data must be privacy-conscious under the DPDPA Act. Fraud Adaptation: Scammers may move to untraceable channels (e.g. WhatsApp or foreign VoIP numbers), needing TRI to evolve further. The Reserve Bank of India (RBI) has declared war on cyber fraud affecting bank customers in India. On June 30, 2025, the RBI directed all Scheduled Commercial Banks, Small Finance Banks, Payments Banks, and Co-operative Banks to incorporate the Financial Fraud Risk Indicator ( FRI ) developed by the Department of Telecommunications (DoT) into their developed this cyber security system known as FRI and rolled it out in May 2025. To give a brief overview of this technology, the FRI allows for the automated exchange of data and information between the banks and DoT's Digital Intelligence Platform (DIP). This system aids banks in safeguarding customers from cyber frauds by facilitating real-time responses to any fraudulent activity and providing continuous feedback to emhance the fraud risk a press release dated July 2, 2025, DoT said: 'The system's utility has already been demonstrated with leading institutions such as PhonePe, Punjab National Bank , HDFC Bank, ICICI Bank, Paytm, and India Post Payments Bank actively using the platform. With UPI being the most preferred payment method across India, this intervention could save millions of citizens from falling prey to cyber fraud. The FRI allows for swift, targeted, and collaborative action against suspected frauds in both telecom and financial domains.'Check out the info below to learn more about this technology and how it can protect regular bank customers from the threats of cyber the press release, the DoT said that the Financial Fraud Risk Indicator (FRI) is a risk-based metric that classifies a mobile number to have been associated with Medium, High, or Very High risk of financial fraud.'This classification is an outcome of inputs obtained from various stakeholders including reporting on Indian Cyber Crime Coordination Centre (I4C's) National Cybercrime Reporting Portal (NCRP), DoT's Chakshu platform, and Intelligence shared by banks and financial institutions.'DoT said that the FRI technology empowers stakeholders-especially banks, NBFCs, and UPI service providers- to prioritize enforcement and take additional customer protection measures in case a mobile number has high said in the press release: 'The Digital Intelligence Unit (DIU) of DoT regularly shares the Mobile Number Revocation List (MNRL) with stakeholders, detailing numbers disconnected due to cybercrime links, failed re-verification, or misuse—many of which are tied to financial frauds.'The telecom department said that banks and financial institutions can use FRI in real time to take proactive steps like declining suspicious transactions, issuing alerts or warnings to customers, and delaying transactions flagged as high Wig, Co-founder & CEO, Innefu Labs says: 'Banks can leverage FRI to proactively alert customers about suspicious calls or messages originating from numbers identified as high-risk. By integrating FRI into their digital banking platforms, customer service workflows and fraud detection engines, banks can strengthen their ability to identify potential threats in real-time. Moreover, by coupling FRI data with AI-based risk scoring and user behaviour, analytics can help banks predict and prevent fraud before it occurs. This enhances customer trust and reduces financial exposure, while also helping law enforcement trace fraud networks more effectively.'Sheetal R Bhardwaj, executive member of Association of Certified Financial Crime Specialists (ACFCS), says: "Already adopted by major players like HDFC, ICICI, PhonePe, and Paytm, FRI enables institutions to flag suspicious activity, protect consumers, and reduce scam exposure. Its collaborative model bridges telecom and finance, creating a unified defense against cyber threats. As UPI continues to dominate India's payment landscape, FRI enhances transaction integrity and consumer confidence. With its scalable, data-driven approach, FRI could become a global model for fintech-telecom collaboration in fraud prevention—positioning India as a leader in digital trust."DoT further said: 'This move marks a new era of digital trust and security, reinforcing the Government's broader Digital India vision. DoT continues to work closely with RBI-regulated entities to streamline alert mechanisms, accelerate fraud detection, and integrate telecom intelligence directly into banking workflows. As more institutions adopt FRI into their customer-facing systems, it is expected to evolve into a sector-wide standard, reinforcing trust, enabling real-time decision-making, and delivering greater systemic resilience across India's digital financial architecture.'ET Wealth Online has asked various experts about how DoT's FRI technology can help consumers, here's what they said:There are few countries who use similar technology like USA, UK, Singapore, Australia, China etc. This latest development layers telecom intelligence into banking workflows, creating a proactive fraud shield:Here's how banks can use TRI technology to help their customers in respect to cyber fraud:Strengths of this technology:The Financial Fraud Risk Indicator (FRI), launched by the Department of Telecommunications' Digital Intelligence Unit, is more than a fraud detection tool—it's a digital trust enabler. By classifying mobile numbers based on fraud risk using data from cybercrime portals, telecom intelligence, and financial institutions, FRI empowers banks and UPI providers to take real-time, preventive action.
