GDPR and PSD2 Data Protection Compliance for the Financial Sector

Video Description

Build PSD2 and GDPR compliance and learn how to protect against financial malware

About This Video

  • The course is delivered in a mix of over-the-shoulder lessons and PowerPoint presentations. So it either shows you the clicks on the screen and exactly how to perform different actions, or it presents the full concept to you using slides.
  • On top of that, you will get downloadable resources that will help you in your journey.

In Detail

The course is a complete A to Z, so we will cover everything that you need to know. We will first understand financial institutions' challenges, PSD2 benefits for consumers, the risks involved, security of payments and new types of service providers. We will follow up with the relation to GDPR and the impact of PSD2 and GDPR on banks. We will learn about open banking methodologies, what financial malware is and how it operates. In the end, we will understand how to create a business case for our financial institution and how some hacking attacks are performed. By going through the course you will also get really good resources like the PSD2 directive and implementation guide, the GDPR implementation guide, open banking implementation and user experience guides, and also the language report that banks relate to.

Financial gain is still one of the major motivations behind most cybercriminal activities and there is little chance of this changing in the near future. One trend that has become evident over the last year is that cybercriminals are increasingly moving beyond banking customers and are now also targeting financial institutions directly using top-tier financial malware. So how can we protect ourselves using cloud security, and why is cloud security the best approach instead of on-premises tools? Once inside the financial institution's network, the attacker can learn how to transfer money, issue fraudulent transactions, or orchestrate ATM machines to dispense cash, these being the end result of the financial malware. Boost your career by understanding the mechanisms behind financial malware, what banks are looking for when choosing their anti-malware solutions, and why cloud security is the best option in this case!

Table of Contents

  1. Chapter 1 : Introduction
    1. Welcome and Intro 00:01:55
  2. Chapter 2 : Payment Services Directive (PSD2)
    1. What is PSD 2 and main objectives? 00:04:18
    2. Benefits for consumers 00:07:08
    3. Scope of PSD2 directive 00:02:56
    4. New rules on authorization and supervision 00:05:26
    5. Security of Payments 00:03:10
    6. New types of service providers – TPPs 00:06:42
    7. Impact of PSD2 to financial services industry 00:04:29
    8. New risks associated with the TPPs 00:06:49
  3. Chapter 3 : GDPR and PSD2
    1. GDPR intro 00:02:49
    2. Banks are caught between GDPR and PSD2 00:06:03
    3. Other challenges - GDPR and PSD2 00:06:07
    4. What is Open Banking Consent Model? 00:04:17
    5. Consent Step 00:02:39
    6. Authentication Step 00:01:05
    7. Authorization Step 00:02:15
    8. Redirection 00:01:30
    9. Data Minimization & Permissions 00:01:56
  4. Chapter 4 : Other banking challenges related to cyber risk
    1. 1.2 Today Challenges 00:05:35
    2. 1.3 Target and Distribution 00:06:20
    3. 1.4 Attack Methods 00:06:47
    4. 1.5 Infection Vectors 00:05:55
    5. 1.6 Targeted attacks against financial institutions 00:05:21
    6. 1.7 Mobile Platform and Email Scams 00:09:28
    7. 1.8 TakeDowns and Conclusions 00:06:24
  5. Chapter 5 : Malware History with Examples
    1. 2.1 Past 3 decades of malware (part 1) 00:06:49
    2. 2.2 Past 3 decades of malware (part 2) 00:10:52
    3. 2.3 The Architecture of Financial Malware 00:05:40
    4. 2.4 Zeus 00:12:36
    5. 2.5 Zeus GameOver (P2P) 00:11:15
    6. 2.6 SpyEye 00:11:03
    7. 2.7 IceIX 00:08:30
    8. 2.8 Citadel 00:10:48
    9. 2.9 Carberp 00:07:26
    10. 2.10 Shylock 00:07:33
    11. 2.11 Bugat 00:02:55
    12. 2.12 Dyre 00:11:15
    13. 2.13 Dridex 00:10:13
    14. 2.14 Shifu 00:07:07
    15. 2.15 Tinba 00:05:56
  6. Chapter 6 : Making a Business Case for Financial Malware
    1. 3.1 Why Fraud Risk Engines fail? 00:08:23
    2. 3.2 How to bypass 2 factor authentication 00:07:18
    3. 3.3 Fraud Prevention Technology 00:08:40
    4. 3.4 Compliance and Legal issues 00:04:45
    5. 3.5 Customer Impact 00:05:58
    6. 3.6 Selecting the right cybercrime prevention solution 00:13:37
    7. 3.7 Malware Detection – intro 00:03:48
    8. 3.8 Malware Detection Advanced 00:05:44
    9. 3.9 Malware Detection - how technology can help? 00:07:07
    10. 3.10 Criminal Detection & Account Takeover 00:05:40
    11. 3.11 Account Takeover - product architecture example 00:12:08
    12. 3.12 What about Mobile Banking 00:09:49
  7. Chapter 7 : Some simple hacking attempts – demo
    1. 4.1 Lab Setup 00:02:59
    2. 4.2 XSRF attack 00:07:13
    3. 4.3 Compromising Public Server 00:07:28
    4. 4.4 Break-In: Compromising the victim computer 00:02:59
    5. 4.5 Other Web Application Attack Example 00:04:17
    6. 4.6 Locky Ransomware 00:05:58
    7. 4.7 Gathering Info & Exfiltrate 00:09:12
  8. Chapter 8 : Conclusion
    1. Conclusion 00:02:45