Keypasco partners with Irish AG2 to deliver Award Winning MDM Solution in Irish Market

Today Swedish mobile device security company Keypasco, announced a partnership with Irish security company AG2.

AG2 is a trading name of Absolute Graphics who have gained both national and international recognition for their specialised security design projects including the Irish passport and Irish passport card.

“Significant effort and time has been invested in order to gain a foothold in this specialist niche market where the greatest barrier-to-entry is credibility. With GDPR regulation nearly upon us, AG2 is uniquely positioned to deliver this innovative product range to the Irish market” – Eddie Byrne, Managing Director, AG2.

With increased usage of mobile devices to complete online transactions in the home and at work, the need for a reliable MDM solution for app creators has become ever more prevalent. Keypasco has designed an award winning, patented solution using unique DeviceID on the end user’s device to make sure that a username and password only works on the right device and in the right location for that extra level of security. Simply, Security by Your Own Device!

“Our solution provides the same or higher level of security and accuracy compared to the best hardware solutions without the high costs of upfront investments, administration, logistics and without update limitations. And it’s not either or; our solution will always highly improve your current solution. In addition, to ensure a convenient user experience, the cutting-edge technology is working in the background to maintain the security behind the provider’s ordinary application interface” – Per Skygebjerg, Chief Operating Officer, Keypasco.

The key goal is to be able to provide state of the art security solutions to Irish technology providers. AG2 and Keypasco are the perfect combination of award winning security design and state of the art technological solutions.

Eddie Byrne continues: “Partnering with Keypasco means that we can add an extra layer of security intelligence to our offering giving our clients peace of mind”.

“Together with AG2 and our other global partners, we can spread Keypasco’s ground breaking technology not just in Ireland but around the globe” Per Skygebjerg, Chief Operating Officer, Keypasco.

“We are delighted to be the only Irish partner for Keypasco and are keen to share this cost-effective, user-friendly solution with current and future developers.” Eddie Byrne, Managing Director, AG2.

For more information visit: or contact us today; | +46 31 10 23 60

Mats Augurell New Senior Advisor for Keypasco

Mats Augurell, CEO of Alektum, takes the role of Senior Advisor for Swedish IT security company Keypasco. Through this, Keypasco will get the support needed to go from innovative newcomer to the obvious choice.

Keypasco has been active since 2010 and has, with their unique patented solution, established themselves as an important player in the market of authentication solutions. In the early years, the focus was on developing and refining the solution for different applications. Today, when the Keypasco Solution is in place, and what started as an idea provides secure authentication for millions of users worldwide, it’s time to focus on growth.

Mats Augurell has been CEO of Alektum Group AB since 2015. He is specialized in strategic advice, business development and has been involved in several growth funds and investment companies. Mats Augurell has over twenty years of experience as CEO and Entrepreneur. He has carried out everything from investments in companies to mergers and acquisitions and has since 1995 been a member of some 70 corporate boards. He has, among other things, been Senior Vice President of the Sixth Swedish National Pension Fund.

Mats Augurell has extensive experience in supporting and leading innovative companies on the journey from small start-up companies to stock market success. With Mats Augurell as Senior Advisor for the upcoming growth phase, Keypasco gets an invaluable benefit from his profound experience and knowledge.

“It is very pleasing that Mats wants to take on this role. It strengthens our confidence even more when such an outstanding and experienced person as Mats so clearly shows that he believes in our product. Mats has a major international contact network, many years of experience in coaching start-up companies during their growth, financing and exit strategy; This is a great asset for Keypasco.”
Maw-Tsong Lin, CEO, Keypasco

For more information, contact us today; | +46 31 10 23 60

Meet up at TRUSTECH

To showcase the Keypasco Solution we will once again attend one of the worlds largest annual events dedicated to trust-based technologies – TRUSTECH. The event attracting visitors from all over the world takes place at the Palais des Festivals in Cannes on the French Riviera, November 28-30.

Welcome to stop by our booth to talk about secure authentication, and to get a live demonstration of the Keypasco Solution. And do not miss the opportunity to listen to our COO, Per Skygebjerg, when he talks about the Keypasco Mobile PKI solution at the Innovation Stage. Pre-book a meeting with Keypascos representatives on site, or just stop by our booth to say hello. Keypasco can be found at booth LERINS D 030.

We look forward to seeing you!
The Keypasco team

For more information, contact us today; | +46 31 10 23 60

Learn more about TRUSTECH at the event website >

PSD2 – Strong Customer Authentication

In February 2017, the European Banking Authority (EBA) published the final draft of the Regulatory Technical Standards on Strong Customer Authentication and Common and Secure Communication under the revised Payment Services Directive (PSD2).

Maybe not the most selling title, but it is nevertheless important that your services use a security solution that meets the requirements. Let us tell you how the Keypasco Solution complies, and exceeds these new requirements for Strong Customer Authentication.

Why is Strong Customer Authentication needed?
PSD2 regulates how financial institutes and third-party services receive customer data information. The revised directive will allow new players access to consumers’ payment accounts, to make payments on their behalf, and to provide them an overview of their various payment accounts. The institutions holding the payment account of the consumer will have to provide these new players access to the account. As a natural consequence, the customer authentication requirements are strengthened.

”The implications will be severe for those companies that will not comply with the new EU- regulations in terms of PSD2. The direct implications will be sanctions and fines against those companies.”
Ria Vadpa / EU-commission in Brussels

Strong Customer Authentication requirements
If you are a Payment Service Provider you are, according to PSD2, required to authenticate a user when he or she; accesses an online payment account, initiates an electronic payment transaction or carries out an action through a remote channel that may imply a risk of payment fraud.

Transaction protection

It is unfortunately not uncommon with attacks where the amount, and payee have been altered, and then unwittingly confirmed by the user. For example, on mobile devices, this type of malicious attacks often use overlay windows. To prevent this kind of attacks, it is stated that the payment transaction data needs to be protected throughout all the phases of authentication.

"...payment service providers shall adopt security measures which ensure the confidentiality, authenticity and integrity…through all phases of authentication…”
PSD2, article 2

The Keypasco Solution:

Keypasco's mobile SDK can be used either as a specific authentication app, using a two-app interface for communicating with the payment app, or be included directly in the payment application. In any case, out-of-band communication through a secure and double encrypted channel is used for displaying the payment information.

Authentication elements
The basic definition of Strong Customer Authentication in PSD2 states that authentication has to be based on the use of two or more possible authentication elements. These elements are knowledge, possession and inherence often explained as something only the user knows, has and is. These elements must be independent from each other, and their usage must generate a one-time authentication code.

In the case of a payment transaction, the authentication code must be dynamically linked to the amount and the payee. If the payment amount or payee changes, the authentication code should change too.

The Keypasco Solution:

The Keypasco Solution utilizes all of these three elements. The basic factors include the PIN code, device ID, PIN code and / or the user’s fingerprint.

In addition to this, the Keypasco Solution has the opportunity to further enhance security by adding the user’s geolocation, history, and a proximity device as additional authentication factors.

The possession element requirements
Requirements related to the possession element are particularly relevant for mobile devices, such as smartphones and tablets. It is stated that possession elements "shall be subject to measures to prevent replication of the elements".

Mobile applications are easy to clone; in fact, entire mobile devices can be cloned without even having physical access to the device. A countermeasure can be to take device properties into account when generating an OTP or encrypting data used by the app.

The Keypasco Solution:

The foundation of the Keypasco solution, the patented six-level device ID uses besides device properties, five other layers to create a robust device ID. Every clone will be detected by us.

What about encrypting data then? Keypasco takes this security level one step further. The private key of the asymmetric key pair used for authentication code creation and digital signatures isn't stored on the mobile device. Where competitors store the entire private key somewhere on the device, Keypasco splits the private key into two parts; one part is stored on the server, and the other part on the mobile device. This second part is encrypted with the user's PIN code or some biometric property.

Independence of authentication elements
The PSD2 requirements regarding the independence of various authentication elements are especially important in the context of mobile devices.

If any elements of strong customer authentication or the authentication code is used through a multi-purpose device, like a mobile phone or tablet, the payment service providers shall adopt security measures to mitigate the risk resulting from the device being compromised.

For this purposes, the mitigating measures shall include, but not be limited to;

  • the use of separated secure execution environments through the software installed inside the multi-purpose device
    • This states that secure execution environments can be used. Mobile operating systems like Android and iOS meet this requirement via their sandboxing techniques. However, these mechanisms are only functioning correctly as long as the device is not jailbroken or rooted.
  • you must have mechanisms to ensure that the software or device has not been altered by the payer or by a third-party or have mechanisms to mitigate the consequences of such alteration where this has taken place.
    • This means that you as a Payment Service Providers must use security controls to detect, prevent and respond to the alteration of mobile apps and devices.

The so called "runtime application protection techniques" can accomplish this level of control, and also aid in detecting whether the device is run simulated and used through an emulator.

The Keypasco Solution:

The execution environment protection of Keypasco's mobile SDK not only detects whether or not a device has been rooted or jailbroken, it also provides continuous runtime monitoring that detects whether a debugger has been attached to the application - i.e. the possibility that sensitive data is retrieved from the memory as the application runs.

Moreover, Keypasco's SDK has for many years been able to detect every single mobile device emulator software in the world. This is a vital part to the security of any authentication software executing on mobile devices. Through internal and external testing facilities, we continuously update our simulator detection and execution environment protection.

Transaction risk analysis
PSD2 mandate the usage of transaction risk analysis based on such as, known fraud scenarios, signs of malware infection, and payment amount. Exemptions from risk analysis and Strong Customer Authentication are mentioned for payments that are rated as low-risk purchases by the payment service provider.

The transaction risk assessment should take payment patterns, location and time into account. Even though the maximum payment amount that can be exempted from Strong Customer Authentication is 500 euros, there is a lot of uncertainty and ambiguity regarding what a low-risk amount is. For instance, one factor that weighs heavily on which amount is considered to be a low-risk amount is the fraud rate of the payment service provider.

The Keypasco Solution:

The cost of the Keypasco Solution is by default based on the number of end-users, not the number of transactions. Therefore, a payment service provider using the Keypasco Solution can provide Strong Customer Authentication to every single transaction, regardless of the payment amount, for the same cost.

A core feature of the Keypasco solution is the device based risk engine. Traditional risk engines use probabilistic algorithms that calculate and estimate decisions based on times, transaction type etc. This leads to a certain percentage of false positives that cause inconvenience for all parties involved. The Keypasco's risk engine makes decisions directly based on device data containing device ID, location, time and behavioural history.

In this way, a device that has been used for fraudulent activities for one payment service provider becomes immediately blacklisted and denied access when it appears elsewhere as well. This can provide a single service provider, using the Keypasco Solution, protection and information that greatly exceed what can be obtained by collecting data exclusively from their own users' devices.

What about SMS OTP and other authentication solutions?

There are several other authentication solutions, which could meet the PSD2 requirements of Strong Customer Authentication. Here are some of them, along with the reason why the Keypasco solution does not utilize these:

  • OTP – very insecure, vulnerable to attacks and brings additional cost for the payment service provider.
  • Hardware tokens (one-button OTP generator, PIN challenge-response token, smart card reader etc.) – brings large additional costs for the payment service provider; purchase, distribution, maintenance. Also, they are inconvenient for the end-user.

Get a step closer to secure authentication for your online services, contact us today! | +46 31-10 23 60


Are your services PSD2 compliant?

Maybe you already have full control of PSD2, and what it means for you, and your business? If not, no need to worry. Our security solution is PSD2 compliant!

We put together a short summary of the new regulation to give you an overview of what it’s all about.

What is PSD2?
The EU Payment Services Directive, PSD2, has been submitted by the European Banking Authority (EBA) and regulates how financial institutes and third-party services receive customer data information.

PSD2 will allow new players access to the consumers’ payment account to make payments on their behalf and to provide them an overview of their various payment accounts. The institutions holding the payment account of the consumer will have to provide these new players access to the account, for example via an API.

Why PSD2?
The purpose of PSD2 is to make payments safer, increase consumer protection, and create an environment for innovation and competition on equal terms for all players, both established and new ones.

With PSD2 the aim is to reduce the risk of fraud for electronic transactions using Strong Customer Authentication, and enhancing the protection of the consumers’ data.

Strong Customer Authentication
One of the most important things in PSD2 is the need to perform strong authentication of users of electronic payment services.

For all electronic transactions this means that two, or more of the following independent elements must be used:

  • Knowledge – Something only the user knows like password or PIN
  • Possession – Something only the user possesses, the key material
  • Inherence – Something the user is like fingerprint or voice recognition

Strong Customer Authentication will have to be applied each time the user makes a payment, unless:

  • The payment amount is less than, at the moment € 30
  • The beneficiary is already identified

And the first time, and at least every 90 days a user consult their payment account, or an aggregated view of their payment accounts, using an additional service.

Dynamic linking
For secure remote Internet or mobile transactions, you will also need a unique authentication code that dynamically links the transaction to a specific amount and a specific payee.

Fraud protection
PSD2 also implies that you have to detect signs of malware infection in any sessions of the authentication procedure.

When does PSD2 apply?
PSD2 applies to all transactions made, where at least one party is located within the EU, and to all official currencies.

Are you concerned?
This is just the short version. Contact us today for more information. The Keypasco Solution meets all PSD2 requirements and can ensure that your services are PSD2 compliant.

Innovative solution provides Alektum Group protection against digital threats

Photo: TheDigitalWay/Pixbay

To further strengthen the security of Alektum’s services, Alektum Group, and IT security company Keypasco have signed an agreement for cooperation. By using Keypasco’s security solution for their client web, Backstage, and the credit reporting service, Decidas, Alektum Group becomes the first company in Europe to strengthen their user authentication with Keypascos unique innovative solution..

For all companies offering digital services, IT security is an ever-present issue. For Alektum Group, an active security is a matter of certainty, and a necessity. You have to constantly prevent the problems, before they occur. “Both us, and our customers, must feel confident that no unauthorized users can access the information in our systems.” says Anders Svensson, Senior Vice President of Alektum Group.

However, high security requirements often collide with the demands for user-friendliness. A problem, that can arise, when introducing new security solutions, is that they often require a change in user behaviour. Something that could be easier said than done.

A desire to challenge the traditions
Gothenburg-based, IT security company Keypasco, has found a way to solve the problem and deliver both a user-friendly, and safe security solution, where the customers don´t have to change their behaviour. By challenging the traditions and making security solutions easier and more adapted to human behaviour, Keypasco wants to make all types of online services more secure in the future..

“A security solution should not be complicated. On the other hand, it is important that you don’t put user-friendliness over security. With the Keypasco’s solution, we get both user-friendliness and security!” – Camilla Hennemann, CIO, Alektum Group

To simplify things are important. A good security solution should be neither seen nor noticed – as long as no unauthorized attempts to access your information, or carry out transactions in your name, are made.

The user in focus brings better solutions
By choosing a solution adapted to the user, you don’t have to spend time, and resources, on having the users change their behaviour. They can continue to log in using, username, and password – but with much higher security. If someone’s user data is compromised, it doesn´t matter – no-one else can use them anyway.

The Keypasco Solution ensures, that your username, and password, only work on your own computer, mobile or tablet!

Innovative world-class security
To continue to provide a good user experience, Keypasco’s cutting edge technology works in the background to maintain the security behind Alektum Group’s regular application interface. The core of the Keypasco Solution is the collecting of device-related data, from the device (desktop / laptop computer, mobile etc.) from which the login attempt is made. This allows Keypasco to offer something no-one else does – a risk-based authentication solution that is easy to integrate, and can be rolled out in the background to all end users at once.

“Alektum Group will be the first company in Europe to secure their authentication, using the Keypasco solution. It is particularly gratifying that it is a Swedish company, when we now establish ourselves on our home market.” – Maw-Tsong Lin, CEO, Keypasco

In addition, the Keypasco solution provides a unique risk engine, analysing the device behind every authentication attempt to detect fraudulent behaviour, to further increase the security. Several other features also add to the security.

A modern security solution for a modern company
One of the services that will implement the Keypasco Security Solution is the credit information service, Decidas. Decidas Info AB, is a part of Alektum Group, with the task of helping customers to keep their customer records alive and to choose the right customers to do business with.

As one of Sweden’s youngest credit reporting companies, built with the latest technology, it is a matter of certainty to use the best, state-of-the-art technology to control who has access to the service, and to the data available there. It is important, not just to be at the forefront of ones service offerings, but also with the tools and systems you use, and here security plays a very important part.

Anyone should not be able to access your collection cases
The second service, which will gradually implement Keypasco solution, is the online service Backstage, Alektum Group’s client web service for debt collection. Through the service, debt collector customers can monitor all their collection cases at Alektum Group. Of course, no one other than the person authorized shall have access to another person’s debt collection matters. Sensitive information must be well protected, so that no unauthorized persons can access it.

First in Europe, but not in the world
Alektum Group is the first company in Europe to implement Keypasco’s security solution. However, it is not an untested product. Keypasco is already established in the tough Asian market, where the solution is used for everything from banks to smart home systems. Keypasco is based in Gothenburg where all development takes place, but is represented, through local partners, in markets around the world.

About Alektum Group
Alektum Group is a family-owned company offering debt collection and associated services. We support our customers through the entire financial process with a unique combination of innovative services and products, reliable information and legal expertise, helping them find the right customers, improve liquidity, streamline invoicing administration and reduce credit risks. We believe in long-term partnership through close cooperation, tailored solutions and a tactful dialogue with the customer’s customers. Cooperation with us is always simple and effective – the right solutions at the right time for the right results.

Alektum Group has operated since 1992, initially as a debt collection company. Today, we operate in 15 European markets, with around 400 employees and a turnover exceeding SEK 550 million.

Yet another bank chooses a secure future

Photo: youncoco/Pixbay

Together with our partner company Lydsec, Keypasco are pleased to welcome our new customer – Agricultural Bank of Taiwan. They are the 17th customer to use the Keypasco Solution to provide state-of-the-art authentication to enhance the online security for their end-users.

The Agricultural Bank of Taiwan (ABT) is the only officially authorized banking institution in Taiwan that simultaneously functions as a professional agricultural bank and a commercial bank. They provide a full range of commercial banking services for retail customers. The bank assists farmers and fisherman throughout Taiwan in obtaining funds needed for agricultural production. Among their many services ABT offers consumer loans, commercial loans, mortgage loans, and deposit products.

Adaptation to modern authentication requirements

Like most banks and companies today, the Agricultural Bank of Taiwan have set ambitious goals to digitize their services. The rapid development and transition to online banking and mobile solutions however, places new demands on banks to find solutions that don’t compromise on the security for their customers.

“Lydsec will help ABT implement the Keypasco Solution to drastically increase the security of their eBanking customers” – Chengi Lin, CEO, Lydsec Digital Technology

By being open to new innovations and solutions, ABT can be at the forefront of the development and provide their customers with divergent electronic platform services and excellent eBanking services. By providing user-friendly solutions with secure authentication they can keep up a great customer satisfaction.

Keypasco’s partner company in Taiwan

Since 2012 Keypasco´s partner, Lydsec Digital Technology, have been promoting and distributing the Keypasco Solutions in Taiwan. Lydsec introduced the Keypasco Solution to the Taiwanese market to provide a convenient, high-security, and cost-efficient answer to the innumerable security threats that are out there. Thanks to their strong drive solve the problem and to provide reliable security solutions to their customers; their efforts have proven to be very successful.

“It is a great recognition of our joint hard work now that yet another bank in Taiwan have chosen to increase their digital security with the Keypasco Solution.” – Maw-Tsong Lin, CEO, Keypasco

The Keypasco Solution

To ensure a convenient user experience, Keypascos’ cutting-edge technology is working in the background to maintain the security behind the provider’s ordinary application interface. The core technology of the Keypasco solution, the collecting of device-related data – makes it possible to offer something no one else does – a risk-based authentication solution that is easy to integrate and can be rolled-out in the background to ALL end-users at once, regardless of the number of users.

In addition, the Keypasco solution provides a unique risk engine, analysing the device behind every authentication attempt to detect fraudulent behaviour, to further increase the security. Several other features also add to the security.