Blockchain experts award Keypasco

Maw-Tsong Lin, Mr Xue Manzi (薛蠻子), Per Skygebjerg and Dr Xu Gang (徐刚)

Throughout the year Keypasco has been working intensively with preparations for the ICO launch. A work that is now gaining attention, and the project was today announced by leading experts as The Best ICO Project.

Keypasco won the award as the best ICO project among 6 candidates. The award was presented after a 2-day event at Samui Island, Thailand organized by the famous Mr Xue Manzi (薛蠻子).

After two intense days with presentations and argumentation for our project and blockchain solution Keypasco won the only award at this event!

Keypascos unique technology, team with good track record, huge target market potential, especially within blockchain, and our vision for the future are the main reasons for winning the award.

Charles Xue Biqun, also known by his alias Xue Manzi, is a billionaire venture capitalist and one of the most active investors in the Chinese Internet industry. Having invested in hundreds of Internet start-up firms, he is considered one of the best and most reliable investors in Blockchain with a very good track record on his investments. Mr Xue Manzi is also Vice President of the World Block Organization with HQ in New York.

We are very honoured by this award that we received thanks to the great work of the Keypasco team and partners!  Maw-Tsong Lin, CEO & Founder of Keypasco

To learn more about the ICO and Keypascos Blockchain Solution please visit www.keypascoid.io or contact us today;
info@keypasco.com | +46 31 10 23 60

Keypasco expands to Blockchain

Keypasco expands to Blockchain

The Swedish IT security company Keypasco has been working in the field of online authentication since 2010, providing its unique patented solution to millions of end-users worldwide. To expand in to the future Keypasco are now developing their solution in to the world of blockchain. With a clear goal set – to secure all virtual property on blockchain.

Blockchain technology is here to stay. With this in mind Keypasco has developed a blockchain based security solution for the present, and the future.

Maw-Tsong Lin, Founder & CEO of Keypasco, comments: “Internet has changed the world, and mostly for the better, but many services have insufficient security. Privacy and integrity has become major issues today. Blockchain is based on trust and openness, but the risk of fraud has increased significantly. But the risk is unnecessary, KeypascoID can make blockchain more secure and more user-friendly than the Internet has ever been.”

In traditional banking, the assets are related to a person. In Blockchain, the assets are related to a private key. To gain access you need to have the private key. The problem is that anyone who has the private key can claim the assets connected to it. And if the private key is lost, so are the assets connected to it.

Managing the private key is therefore a real problem. Most of today’s solutions try to solve the problem by adding additional layers, like hardware devices or One Time Passwords (OTP). Keypasco has solved the problem at its core; if you do not store the private key, there is nothing to steel or lose.

“The new blockchain solution focuses initially on solving three issues, Private Key Storage & Recovery, micropayments and secure anonymous and non anonymous authentication.”
Per Skygebjerg, Co-founder & COO

The new blockchain adapted solution, KeypascoID, is a distributed Federated Single Sign On Service (SSO) for hundreds of millions of end-users, for access to hundreds of millions of online service providers both on blockchain and traditional Internet market.

“By splitting the private key, Keypascos patented technology can protect the private key in a simple yet secure way. Since it does not exist in its entirety anywhere, it cannot be stolen. The Keypasco blockchain echo-system offers an open platform, it will be very exciting to see all the new innovative applications and services that the future will bring using the KeypascoID.”
Lars Borchardt, CTO

The blockchain expansion will start with an Initial Coin Offering (ICO) in May.

For more information contact us today;
info@keypasco.com | +46 31 10 23 60

The New Security Solution for the Title Insurance and Real Estate Industry

ViaLOK secured by Keypasco

Keypasco and ViaLOK have joined forces to bring a new security solution made specifically to help secure communications between title agents, lenders as well as buyers, sellers and their agents.

Technology is always evolving, and to stay ahead of criminals who would defraud members of the title insurance and real estate industry and their customers, there is a continuous need to create new solutions to address current processes.

“With millions of dollars in fraud every year, and hundreds of thousand of transactions, Keypasco’s solution was the best choice.”
Stewart Holley, ViaLOK

ViaLOK mission is focused on providing fraud mitigation solutions that are secure, affordable, effective and easy to implement. Together with Keypasco this becomes reality.

With ViaLOK, Title Agents, Law Firms, Underwriters and yes, even Financial Institutions have a secure and trusted solution for making request for and approving changes to settlement instructions with end-users – stopping hackers and scammers in their tracks. The ViaLOK solution requires end-users to securely approve or deny changes to disbursement or payment instructions.

“ViaLOK is the new industry standard for securing not only transactions, but also communications in the Banking and Real Estate Sectors. This product, powered by Keypasco, provides a real solution to wire fraud, protecting private data, and eliminating the threats of hackers. ViaLOK, the transaction security solution.”
David Harrington, ViaLOK

ViaLOK – Secured by Keypasco
Keypasco’s unique patented solution uses a revolutionary new technology for user authentication. By using the unique DeviceID on the end-user’s own device, like a smartphone, tablet or a desktop/laptop computer, the Keypasco Solution can make sure that a username and password only works on the right device and in the right location.

“We view Keypasco as the only real solution to mitigate wire fraud in real estate transactions. Keypasco’s unparalleled security, ease of implementation and flexibility make it the best choice for our industry.”
Stewart Holley, ViaLOK

The ViaLOK solution, powered by Keypasco, provides a best-in-class solution for addressing issues related to:

  • Email Spoofing
  • Device Tampering (including cloning, debugging, and more)
  • MitM Attacks (Intercepting User Credentials)
  • Lax or Absent Security Protocols

For more information visit www.viaLOK.com or contact us today;
info@keypasco.com | +46 31 10 23 60

AG2 and Keypasco Welcome New Customer Identicare

Last November, our partners AG2 travelled to the Trustech Conference to join us in our stand. Professionals from the trust-based technologies gathered together for 3 days in the beautiful surrounding of Cannes, France.

For AG2 and Keypasco, the event marked a very special occasion, the announcement of our new client – Identicare.

Identicare is focussed on the self-care area and has created a complete range of patient-centric medication assessment and monitoring tools under the brand IdentiKit. The aim of these tools is to expand the role of the pharmacist at the centre of patient care by providing timely, good-quality, trustworthy information to both the patient and the care team.

Upon launching this solution, Identicare identified the need to invest in cutting edge security at every level in order to ensure compliance with the strictest data protection requirements.

“When it comes to cloud solutions that handle patient specific data, one cannot compromise. It is essential to choose the best security partners available.” 

The Keypasco solution uses the unique DeviceID on the end-user’s own device, such as a smartphone, to make sure that the username and password only works on the right device and in the right location.

Both AG2 and Keypasco are delighted to have Identicare on board and we look forward to watching this very exciting technology develop further in 2018.

For more information visit: www.ag2.ie or contact us today;
info@keypasco.com | +46 31 10 23 60

Internet Security Provider of the Year

When GDS Review Magazine recently announced the winners of the Cybersecurity Awards 2017 we were happy to find Keypasco among the winners.

GDS Review has announced Keypasco as Internet Security Provider of the Year – Sweden & Most Innovative Multi-Factor Authentication Technology.

We are very pleased with the attention that GDS Review gives us through this award.
Maw-Tsong Lin, CEO, Keypasco

You can read more about the award, and GDS Review if you follow the links below.

The official press release >

List of Winners – Keypasco >

For more information, contact us today;
info@keypasco.com | +46 31 10 23 60

Keypasco partners with Irish AG2 to deliver Award Winning MDM Solution in Irish Market

Today Swedish mobile device security company Keypasco, announced a partnership with Irish security company AG2.

AG2 is a trading name of Absolute Graphics who have gained both national and international recognition for their specialised security design projects including the Irish passport and Irish passport card.

“Significant effort and time has been invested in order to gain a foothold in this specialist niche market where the greatest barrier-to-entry is credibility. With GDPR regulation nearly upon us, AG2 is uniquely positioned to deliver this innovative product range to the Irish market” – Eddie Byrne, Managing Director, AG2.

With increased usage of mobile devices to complete online transactions in the home and at work, the need for a reliable MDM solution for app creators has become ever more prevalent. Keypasco has designed an award winning, patented solution using unique DeviceID on the end user’s device to make sure that a username and password only works on the right device and in the right location for that extra level of security. Simply, Security by Your Own Device!

“Our solution provides the same or higher level of security and accuracy compared to the best hardware solutions without the high costs of upfront investments, administration, logistics and without update limitations. And it’s not either or; our solution will always highly improve your current solution. In addition, to ensure a convenient user experience, the cutting-edge technology is working in the background to maintain the security behind the provider’s ordinary application interface” – Per Skygebjerg, Chief Operating Officer, Keypasco.

The key goal is to be able to provide state of the art security solutions to Irish technology providers. AG2 and Keypasco are the perfect combination of award winning security design and state of the art technological solutions.

Eddie Byrne continues: “Partnering with Keypasco means that we can add an extra layer of security intelligence to our offering giving our clients peace of mind”.

“Together with AG2 and our other global partners, we can spread Keypasco’s ground breaking technology not just in Ireland but around the globe” Per Skygebjerg, Chief Operating Officer, Keypasco.

“We are delighted to be the only Irish partner for Keypasco and are keen to share this cost-effective, user-friendly solution with current and future developers.” Eddie Byrne, Managing Director, AG2.

For more information visit: www.ag2.ie or contact us today;
info@keypasco.com | +46 31 10 23 60

Mats Augurell New Senior Advisor for Keypasco

Mats Augurell, CEO of Alektum, takes the role of Senior Advisor for Swedish IT security company Keypasco. Through this, Keypasco will get the support needed to go from innovative newcomer to the obvious choice.

Keypasco has been active since 2010 and has, with their unique patented solution, established themselves as an important player in the market of authentication solutions. In the early years, the focus was on developing and refining the solution for different applications. Today, when the Keypasco Solution is in place, and what started as an idea provides secure authentication for millions of users worldwide, it’s time to focus on growth.

Mats Augurell has been CEO of Alektum Group AB since 2015. He is specialized in strategic advice, business development and has been involved in several growth funds and investment companies. Mats Augurell has over twenty years of experience as CEO and Entrepreneur. He has carried out everything from investments in companies to mergers and acquisitions and has since 1995 been a member of some 70 corporate boards. He has, among other things, been Senior Vice President of the Sixth Swedish National Pension Fund.

Mats Augurell has extensive experience in supporting and leading innovative companies on the journey from small start-up companies to stock market success. With Mats Augurell as Senior Advisor for the upcoming growth phase, Keypasco gets an invaluable benefit from his profound experience and knowledge.

“It is very pleasing that Mats wants to take on this role. It strengthens our confidence even more when such an outstanding and experienced person as Mats so clearly shows that he believes in our product. Mats has a major international contact network, many years of experience in coaching start-up companies during their growth, financing and exit strategy; This is a great asset for Keypasco.”
Maw-Tsong Lin, CEO, Keypasco

For more information, contact us today;
info@keypasco.com | +46 31 10 23 60

Meet up at TRUSTECH

To showcase the Keypasco Solution we will once again attend one of the worlds largest annual events dedicated to trust-based technologies – TRUSTECH. The event attracting visitors from all over the world takes place at the Palais des Festivals in Cannes on the French Riviera, November 28-30.

Welcome to stop by our booth to talk about secure authentication, and to get a live demonstration of the Keypasco Solution. And do not miss the opportunity to listen to our COO, Per Skygebjerg, when he talks about the Keypasco Mobile PKI solution at the Innovation Stage. Pre-book a meeting with Keypascos representatives on site, or just stop by our booth to say hello. Keypasco can be found at booth LERINS D 030.

We look forward to seeing you!
The Keypasco team

For more information, contact us today;
info@keypasco.com | +46 31 10 23 60

Learn more about TRUSTECH at the event website >

PSD2 – Strong Customer Authentication

In February 2017, the European Banking Authority (EBA) published the final draft of the Regulatory Technical Standards on Strong Customer Authentication and Common and Secure Communication under the revised Payment Services Directive (PSD2).

Maybe not the most selling title, but it is nevertheless important that your services use a security solution that meets the requirements. Let us tell you how the Keypasco Solution complies, and exceeds these new requirements for Strong Customer Authentication.

Why is Strong Customer Authentication needed?
PSD2 regulates how financial institutes and third-party services receive customer data information. The revised directive will allow new players access to consumers’ payment accounts, to make payments on their behalf, and to provide them an overview of their various payment accounts. The institutions holding the payment account of the consumer will have to provide these new players access to the account. As a natural consequence, the customer authentication requirements are strengthened.

”The implications will be severe for those companies that will not comply with the new EU- regulations in terms of PSD2. The direct implications will be sanctions and fines against those companies.”
Ria Vadpa / EU-commission in Brussels

Strong Customer Authentication requirements
If you are a Payment Service Provider you are, according to PSD2, required to authenticate a user when he or she; accesses an online payment account, initiates an electronic payment transaction or carries out an action through a remote channel that may imply a risk of payment fraud.


Transaction protection

It is unfortunately not uncommon with attacks where the amount, and payee have been altered, and then unwittingly confirmed by the user. For example, on mobile devices, this type of malicious attacks often use overlay windows. To prevent this kind of attacks, it is stated that the payment transaction data needs to be protected throughout all the phases of authentication.

"...payment service providers shall adopt security measures which ensure the confidentiality, authenticity and integrity…through all phases of authentication…”
PSD2, article 2

The Keypasco Solution:

Keypasco's mobile SDK can be used either as a specific authentication app, using a two-app interface for communicating with the payment app, or be included directly in the payment application. In any case, out-of-band communication through a secure and double encrypted channel is used for displaying the payment information.


Authentication elements
The basic definition of Strong Customer Authentication in PSD2 states that authentication has to be based on the use of two or more possible authentication elements. These elements are knowledge, possession and inherence often explained as something only the user knows, has and is. These elements must be independent from each other, and their usage must generate a one-time authentication code.

In the case of a payment transaction, the authentication code must be dynamically linked to the amount and the payee. If the payment amount or payee changes, the authentication code should change too.

The Keypasco Solution:

The Keypasco Solution utilizes all of these three elements. The basic factors include the PIN code, device ID, PIN code and / or the user’s fingerprint.

In addition to this, the Keypasco Solution has the opportunity to further enhance security by adding the user’s geolocation, history, and a proximity device as additional authentication factors.


The possession element requirements
Requirements related to the possession element are particularly relevant for mobile devices, such as smartphones and tablets. It is stated that possession elements "shall be subject to measures to prevent replication of the elements".

Mobile applications are easy to clone; in fact, entire mobile devices can be cloned without even having physical access to the device. A countermeasure can be to take device properties into account when generating an OTP or encrypting data used by the app.

The Keypasco Solution:

The foundation of the Keypasco solution, the patented six-level device ID uses besides device properties, five other layers to create a robust device ID. Every clone will be detected by us.

What about encrypting data then? Keypasco takes this security level one step further. The private key of the asymmetric key pair used for authentication code creation and digital signatures isn't stored on the mobile device. Where competitors store the entire private key somewhere on the device, Keypasco splits the private key into two parts; one part is stored on the server, and the other part on the mobile device. This second part is encrypted with the user's PIN code or some biometric property.


Independence of authentication elements
The PSD2 requirements regarding the independence of various authentication elements are especially important in the context of mobile devices.

If any elements of strong customer authentication or the authentication code is used through a multi-purpose device, like a mobile phone or tablet, the payment service providers shall adopt security measures to mitigate the risk resulting from the device being compromised.

For this purposes, the mitigating measures shall include, but not be limited to;

  • the use of separated secure execution environments through the software installed inside the multi-purpose device
    • This states that secure execution environments can be used. Mobile operating systems like Android and iOS meet this requirement via their sandboxing techniques. However, these mechanisms are only functioning correctly as long as the device is not jailbroken or rooted.
  • you must have mechanisms to ensure that the software or device has not been altered by the payer or by a third-party or have mechanisms to mitigate the consequences of such alteration where this has taken place.
    • This means that you as a Payment Service Providers must use security controls to detect, prevent and respond to the alteration of mobile apps and devices.

The so called "runtime application protection techniques" can accomplish this level of control, and also aid in detecting whether the device is run simulated and used through an emulator.

The Keypasco Solution:

The execution environment protection of Keypasco's mobile SDK not only detects whether or not a device has been rooted or jailbroken, it also provides continuous runtime monitoring that detects whether a debugger has been attached to the application - i.e. the possibility that sensitive data is retrieved from the memory as the application runs.

Moreover, Keypasco's SDK has for many years been able to detect every single mobile device emulator software in the world. This is a vital part to the security of any authentication software executing on mobile devices. Through internal and external testing facilities, we continuously update our simulator detection and execution environment protection.


Transaction risk analysis
PSD2 mandate the usage of transaction risk analysis based on such as, known fraud scenarios, signs of malware infection, and payment amount. Exemptions from risk analysis and Strong Customer Authentication are mentioned for payments that are rated as low-risk purchases by the payment service provider.

The transaction risk assessment should take payment patterns, location and time into account. Even though the maximum payment amount that can be exempted from Strong Customer Authentication is 500 euros, there is a lot of uncertainty and ambiguity regarding what a low-risk amount is. For instance, one factor that weighs heavily on which amount is considered to be a low-risk amount is the fraud rate of the payment service provider.

The Keypasco Solution:

The cost of the Keypasco Solution is by default based on the number of end-users, not the number of transactions. Therefore, a payment service provider using the Keypasco Solution can provide Strong Customer Authentication to every single transaction, regardless of the payment amount, for the same cost.

A core feature of the Keypasco solution is the device based risk engine. Traditional risk engines use probabilistic algorithms that calculate and estimate decisions based on times, transaction type etc. This leads to a certain percentage of false positives that cause inconvenience for all parties involved. The Keypasco's risk engine makes decisions directly based on device data containing device ID, location, time and behavioural history.

In this way, a device that has been used for fraudulent activities for one payment service provider becomes immediately blacklisted and denied access when it appears elsewhere as well. This can provide a single service provider, using the Keypasco Solution, protection and information that greatly exceed what can be obtained by collecting data exclusively from their own users' devices.


What about SMS OTP and other authentication solutions?

There are several other authentication solutions, which could meet the PSD2 requirements of Strong Customer Authentication. Here are some of them, along with the reason why the Keypasco solution does not utilize these:

  • OTP – very insecure, vulnerable to attacks and brings additional cost for the payment service provider.
  • Hardware tokens (one-button OTP generator, PIN challenge-response token, smart card reader etc.) – brings large additional costs for the payment service provider; purchase, distribution, maintenance. Also, they are inconvenient for the end-user.

Get a step closer to secure authentication for your online services, contact us today!

info@keypasco.com | +46 31-10 23 60

 

Are your services PSD2 compliant?

Maybe you already have full control of PSD2, and what it means for you, and your business? If not, no need to worry. Our security solution is PSD2 compliant!

We put together a short summary of the new regulation to give you an overview of what it’s all about.

What is PSD2?
The EU Payment Services Directive, PSD2, has been submitted by the European Banking Authority (EBA) and regulates how financial institutes and third-party services receive customer data information.

PSD2 will allow new players access to the consumers’ payment account to make payments on their behalf and to provide them an overview of their various payment accounts. The institutions holding the payment account of the consumer will have to provide these new players access to the account, for example via an API.

Why PSD2?
The purpose of PSD2 is to make payments safer, increase consumer protection, and create an environment for innovation and competition on equal terms for all players, both established and new ones.

With PSD2 the aim is to reduce the risk of fraud for electronic transactions using Strong Customer Authentication, and enhancing the protection of the consumers’ data.

Strong Customer Authentication
One of the most important things in PSD2 is the need to perform strong authentication of users of electronic payment services.

For all electronic transactions this means that two, or more of the following independent elements must be used:

  • Knowledge – Something only the user knows like password or PIN
  • Possession – Something only the user possesses, the key material
  • Inherence – Something the user is like fingerprint or voice recognition

Strong Customer Authentication will have to be applied each time the user makes a payment, unless:

  • The payment amount is less than, at the moment € 30
  • The beneficiary is already identified

And the first time, and at least every 90 days a user consult their payment account, or an aggregated view of their payment accounts, using an additional service.

Dynamic linking
For secure remote Internet or mobile transactions, you will also need a unique authentication code that dynamically links the transaction to a specific amount and a specific payee.

Fraud protection
PSD2 also implies that you have to detect signs of malware infection in any sessions of the authentication procedure.

When does PSD2 apply?
PSD2 applies to all transactions made, where at least one party is located within the EU, and to all official currencies.

Are you concerned?
This is just the short version. Contact us today for more information. The Keypasco Solution meets all PSD2 requirements and can ensure that your services are PSD2 compliant.