Through adopting General Data Protection Regulation (GDPR) and Second Revised Payment Services Directive (PSD2) the European Union initiated a more serious approach to data privacy and security from the regulators. In this new view, how personally identifiable information (PII) is stored is one of the most important questions for businesses and organizations.
GDPR is designed to protect EU citizens, however, its reach extends far beyond Europe, since it affects any business dealing with the private data of EU citizens, regardless of size and location. It defines organizations’ obligations but also defines citizens’ rights in the digital landscape which must be upheld.
PSD2, on the other hand, is a directive aimed at eliminating the banks’ monopoly over customers’ accounts and payment information and services. Its goal is to give customers more control over their finances through an obligation for banks to open their APIs across the financial sector and allow third-party providers to provide additional account and payment services.
We developed Blinking with respect to the individual, personal information privacy, and security. From the beginning, we had in mind the new era of regulatory concerns and challenges that GDPR, PSD2 as well as CCPA were to bring. We developed many of the functions and components of our system in order to ease the burdens of businesses and organizations. Blinking provides technical compliance out-of-the-box. All the personal and private information is owned and controlled by the user.
Using Blinking businesses comply with GDPR because they respect the essential rights of their customers. Our solutions give customers the right to access their digital identity and all provided private data. It provides data portability because digital identity is not tied to a particular device. Verify and Certify solutions have the internal log providing the right to be informed since customers always have the knowledge of who, when, and for what purpose processes their personal information.
The consent mechanism function in Verify provides customers with the right of rectification (correcting inaccurate information), right to restriction of data processing, and right to erasure (case-dependent). They can provide or revoke access, change or delete their private data.
PSD2 essential obligation of enabling verified and secure customer authentication tools and procedures is the primary use case for our Verify solution. Directed at payment providers and financial institutions, PSD2 tackles identity fraud and theft and ensures that the highest standards of authentication are used by these institutions.
PSD2 obliges payment service providers to apply so-called “strong customer authentication” (SCA). It is an authentication process that validates the identity of the user of a payment service or of the payment transaction. The aim is to reduce the risk of fraud for online payments and online banking and protect the confidentiality of the user’s financial data, including personal data.
Once again, Blinking is built with SCA at its core. Our multi-factor authentication solution Verify relies on the combination of at least two factors or more:
- Knowledge: something only the user knows, e.g. a password or a PIN code
- Possession: something only the user possesses, e.g. a mobile phone, and
- Inherence: something the user is, e.g. the use of a fingerprint or voice recognition.