DOCSLIB.ORG

Deliverable D4.4: Research and Development Roadmap 2

Total Page:16

File Type:pdf, Size:1020Kb

Download full-text PDF Read full-text

Load more

Proposal No. 830929 Project start: February 1, 2019 Call H2020-SU-ICT-03-2018 Project duration: 42 months D4.4 Research and Development Roadmap 2 Document Identification Due date 31 January 2021 Submission date 29 January 2021 Revision 3.0 Related WP WP4 Dissemination Public Level Lead FORTH Lead Author Evangelos Markatos Participant (FORTH) Contributing AIT, Atos, ATOS, Related D4.1, D4.3 Beneficiaries BBVA, CNR, Deliverables Dawex, DTU, ENG, FORTH, ISGS, JAMK KUL, NTNU, POLITO, SIE, SINTEF, TDL, UCY, UM, UMA, UMU, UNITN, UPRC CyberSec4Europe D4.4 Research and Development Roadmap 2 Abstract: This is the second of a sequence of three research and development roadmaps of the CyberSec4Europe project. The goal of this roadmap is to identify major research challenges in the verticals of the project, and to explain what is at stake and what can go wrong if problems are left unsolved. The verticals studied are: (i) Open Banking, (ii) Supply Chain Security Assurance, (iii) Privacy-Preserving Identity Management, (iv) Incident Reporting, (v) Maritime Transport, (vi) Medical Data Exchange, and (vii) Smart Cities. For each vertical we identify the research challenges that need to be addressed and group them according to time in three phases: short term (12 months), medium term (until the end of the project), and long term (beyond the end of the project). To emphasize the European nature of these roadmaps, each vertical clearly demonstrates how it can contribute to dimensions with significant European impact including European Digital Sovereignty, the COVID-19 pandemic, and the European Green Deal. Finally, a SWOT (Strengths, Weaknesses, Opportunities and Threats) Analysis clearly demonstrates how Europe can approach the research in each area, what are the hurdles in the way, what are the strengths that can be exploited, and what can be expected at the end. This document is issued within the CyberSec4Europe project. This project has received funding from the European Union's Horizon 2020 Programme under grant agreement no. 830929. This document and its content are the property of the CyberSec4Europe Consortium. All rights relevant to this document are determined by the applicable laws. Access to this document does not grant any right or license to the document or its contents. This document and its contents are not to be used or treated in any manner inconsistent with the rights or interests of the CyberSec4Europe Consortium and are not to be disclosed externally without prior written consent from the CyberSec4Europe Partners. Each CyberSec4Europe Partner may use this document in conformity with the CyberSec4Europe Consortium Grant Agreement provisions and the Consortium Agreement. The information in this document is provided as is, and no warranty is given or implied that the information is fit for any particular purpose. Anyone using the information does so at their own sole risk and liability. ii CyberSec4Europe D4.4: Research and Development Roadmap 2 Executive Summary In the context of the CyberSec4Europe project, we publish a yearly research and development roadmap. Unlike other similar road mapping activities, which may aim to cover all (or most) aspects of cybersecurity, our roadmaps aim to explore emerging threats and to prioritise research directions, mainly in the areas of the seven verticals that have been identified in the project: (i) open banking, (ii) supply-chain security assurance, (iii) privacy-preserving identity management, (iv) incident reporting, (v) maritime transport, (vi) medical data exchange, and (vii) smart cities. Our first roadmap (Deliverable D4.3) was published in 2020 and focused on landscaping the research areas of the verticals and establishing the most important priorities [Markatos 2020]. This document, the second roadmap in the series, focuses on 1. updating the research priorities, introducing any new research topics, and possibly readjusting the ranking of existing ones 2. providing a SWOT analysis that builds on strengths and addresses shortcomings: o what are the strengths of Europe in these verticals? o what are the weaknesses? o what (global) opportunities may exist? o what threats should we be careful of? 3. explaining how the chosen research priorities interact with the important dimensions of European policies in 2020-2021 as they relate to: o the European Digital Sovereignty, o the new reality imposed by COVID-19, and o the Green Deal. How to read this document To provide a uniform approach to the roadmap, each vertical is covered in one section starting from section 3 all the way to section 9. In the interests of homogeneity, subsections are structured as follows: • Subsections1 *.1 provide the big picture of the vertical. • Subsections *.2 provide an overview. • Subsections *.3 describe what is at stake for each vertical. • Subsections *.4 describe the attackers. • Subsections *.5 describe the research challenges and provide background information. More specifically: o Subsections *.5.1 describe the state of the art for each vertical and subsections *5.2 indicate the final goal; o Subsections *.5.3 provide a SWOT analysis; o Subsections *.5.4 explain how each vertical contributes to European Digital Sovereignty; o Subsections *.5.5 describe the interactions with COVID-19; o Subsections *5.6 describe the interactions with the Green Deal; and o The remaining subsections of *.5 describe the research challenges. 1 When we write *.1 we mean subsections 3.1, 4.1, 5.1 etc. until subsection 9.1. When we write *.2 we mean subsections 3.2, 4.2, 5.2, … 9.2, and so on and so forth. iii CyberSec4Europe D4.4 Research and Development Roadmap 2 • Subsections *.6 describe the mapping of the challenges to the big picture. • Subsections *.7 describe the methods and tools for the research challenges. • Subsections *.8 provide the roadmap for each vertical. Each roadmap is structured in three phases: o Short-term, o Medium-term, and o Long-term, • Finally, subsections *.9 provide a summary of each vertical. To place this work in context, Section 10 provides progress with respect to work reported in the first Roadmap (D4.3 [Markatos 2020]. Finally, section 11 surveys roadmaps (or similar research priorities documents) that were published in 2020 including ENISA2’s annual cybersecurity prioritisation document [ENISA 2020B], Europol’s annual publication IOCTA (Internet Organized Threat Assessment), which lists the evolution of the threats in cybercrime [EUROPOL 2020], JRC3’s Digital Anchor, SPARTA’s Roadmap, etc. We hope that this document will be a useful tool for people who are interested in studying and understanding (i) the importance and (ii) the European dimensions of the research challenges in the vertical areas of the project. 2 ENISA is the European Network and Information Security Agency 3 JRC is the Joint Research Centre (of the European Commission) iv CyberSec4Europe D4.4: Research and Development Roadmap 2 Document information Contributors Name Partner Cristina Alcaraz UMA Ahmad Amro NTNU Marco Angelini ENG Elias Athanasopoulos UCY Jorge Bernal UMU Karin Bernsmed SINTEF Panagiotis Bountakas UPRC Vanesa Gil Laredo BBVA Laura Colombini ISGS Said Daoudagh CNR Jérémy Decis DAWEX Christos Douligeris UPRC Carmen Fernández Gago UMA Jesús García UMU Vasileios Gkioulos NTNU David Goodman TDL Christos Grigoriadis UPRC Alba Hita UMU Marko Hölbl UM Wouter Joosen KUL Elma Kalogeraki UPRC Prabhakaran Kasinathan SIE Georgios Kavalieratos NTNU Marko Kompara UM Panagiotis Kotzanikolaou UPRC Stephan Krenn AIT Alberto Lluch Lafuente DTU Antonio Lioy POLITO Eda Marchetti CNR Evangelos Markatos FORTH Per Håkon Meland SINTEF Vincenzo Napolitano ENG Aida Omerovic SINTEF Jani Päijänen JAMK Spyros Papastergiou UPRC Ivan Pashchenko UNITN Juan Carlos Pérez Baún Atos Salvador Perez UMU Rodrigo Roman UMA Michael Salmony TDL Vincenzo Savarino ENG Antonio Skarmeta UMU Rafael Torres UMU v CyberSec4Europe D4.4 Research and Development Roadmap 2 Martin Wimmer SIE Ricarda Weber SIE Christos Xenakis UPRC Susana González Zarzosa Atos Reviewers Name Partner Elias Athanasopoulos UCY Sandro Luigi Fiore UNITN Javier Lopez UMA Kai Rannenberg GUF Ahad Niknia GUF History Version Date Authors Comment 0.01 October 10th 2020 Evangelos Markatos Table of Contents 0.02 October 22th 2020 Rafael Torres and Jesus García Section 5 0.03 October 22th 2020 Alba Hita and Salvador Perez Section 9 0.04 November 4th 2020 Marko Kompara Section 5 0.05 November 4th 2020 Stephan Krenn Section 5 1.0 December 16th 2020 Evangelos Markatos (based on input First version for high-level from all partners) review 2.0 January 15th 2021 Evangelos Markatos (based on input Second version addresses from all partners) the comments of the reviewers 3.0 January 28th 2021 Evangelos Markatos Third version addresses the comments of the PC vi CyberSec4Europe D4.4: Research and Development Roadmap 2 Short Table of Contents: Executive Summary ................................................................................................................................... iii 1 Introduction ...................................................................................................................................... 1 2 Context and Methodology ............................................................................................................... 3 3 Open Banking .................................................................................................................................. 11 4 Supply Chain Security Assurance...................................................................................................
Recommended publications
  • Upi Reference Number Status

    Upi Reference Number Status

    Upi Reference Number Status Biogenous and indocile Shumeet sulfonate rectangularly and muffs his fury proximately and lightly. Oliver still reshape equanimously while smarty Kingsly border that giblets. Driving Joshua generating unmurmuringly, he bunks his bicarbonates very remorselessly. Any sender or recipient to match the UPI transaction ID found because the Google Pay app to the UPI transaction ID on particular bank statement. Vaše údaje môžu byť sprístupnené príjemcom, upi reference number status of hsbc. Retrieving Your hardware Or Transaction Number SparkLabs. Upi Central Bank of India. Order status of intelligence pm, in this option on entering bank account to have upi reference number status of creation of those that involve any. SBI and Amazon could its. We have linked to enter details required to group, your browser as i forget my upi with a recurring transaction history? When you can i link upi reference number status of these data to send to some status of an iban, its paos or cancelled. Have issues with the prans which declines and try again this simple share your message, even a domestic savings bank? Audit Numbers STANs are sometimes required to harness the status of rent refund. Pls help or level have to coast to branch sbi. Hope this status using upi reference number status? Did not confuse utr and budgeting app work if i modify it will terminate. This virtual address will allow history to send find receive facility from multiple banks and prepaid payment issuers. It is problem number used to identify a flat payment. Ifsc of banks will capture, click here that allows to a virtual payment method, you are about? Does not able to use this status for a upi id on upi reference number status.
  • Support for U2F FIDO Tokens in Mobile Applications

    Support for U2F FIDO Tokens in Mobile Applications

    Masaryk University Faculty of Informatics Support for U2F FIDO tokens in mobile applications Bachelor’s Thesis Marek Hrašna Brno, Spring 2019 Masaryk University Faculty of Informatics Support for U2F FIDO tokens in mobile applications Bachelor’s Thesis Marek Hrašna Brno, Spring 2019 This is where a copy of the official signed thesis assignment and a copy ofthe Statement of an Author is located in the printed version of the document. Declaration Hereby I declare that this paper is my original authorial work, which I have worked out on my own. All sources, references, and literature used or excerpted during elaboration of this work are properly cited and listed in complete reference to the due source. Marek Hrašna Advisor: RNDr. Petr Švenda Ph.D. i Acknowledgements I would like to express my gratitude to my advisor, RNDr. Petr Švenda Ph.D. his guidance, patience, and helpful advice throughout the mak- ing of this thesis. iii Abstract One of the biggest security problems on the Internet is the usage of weak credentials, such as passwords, for user authentication. Second- Factor Authentication (2FA) provides a valid answer to this threat. Still, there are many 2FA schemes vulnerable to prominent web threats such as phishing attacks. The U2F protocol provides a phishing-resistant 2FA solution, optionally based on secure hardware elements. This thesis provides an analysis of the security brought by the U2F authen- tication scheme and shows its real-world adaptation in mobile plat- forms. It discusses problems that occur while using commercial tokens implementing this standard and describes the process of installing a U2F applet onto a JavaCard while discussing possible problems that may occur.
  • Arvato Payments Review Essential Insights for E-Commerce Success in New Markets

    Arvato Payments Review Essential Insights for E-Commerce Success in New Markets

    Arvato Payments Review Essential insights for e-commerce success in new markets Cross-border e-commerce is opening up a We examined more than 200 primary sources and compiled the most essential information into a convenient guide to each country. world of opportunities for retailers. You can By combining the figures from a wide variety of research, we could reach out to dozens of new markets, and provide a holistic view – rather than relying on a single source. find millions of new customers. E-commerce Each country guide looks at key demographics and financials, the top also puts a world of choice in the hands online retailers, legal requirements, and consumer behaviour and expectations when it comes to things like delivery and returns. We of consumers, who think nothing of going also look in detail at how consumers prefer to pay in each market, identifying local payment heroes and the optimal mix of payment abroad to find what they want. They might be methods. looking for a better price, a better selection As well as success factors, it is also important to understand the or better service. Give them what they want, downsides. We take a close look at risks in each country in terms of the and the world is yours. types of fraud that can emerge and what you can do to minimise your exposure. But you need to know what you are getting into. The consumers in your new markets can behave completelydifferently to the ones In addition to the country guides, you can also compare markets in you know from home.
  • Automotive QMS Update IATF 16949:2016 September 2016

    Automotive QMS Update IATF 16949:2016 September 2016

    Automotive QMS Update IATF 16949:2016 September 2016 Automotive QMS Update IATF 16949:2016 Ms. Cherie Reiche International Automotive Oversight Bureau IATF Scheme Management Structure 3 Percent Regional Certificate Distribution Valid Certificates per Region [%] 66.6% Asia Pacific Africa0.8% 2.4% South America 9.7% North America 2.6% 17.9% Middle East Europe Africa Asia Europe Middle North South Pacific East America America 4 Distribution of 66,033 certificates (31 August 2016) Note: only countries with greater than 500 certificates are listed on this slide 5 Oversight CBs & Certificates 31st August 2016 Oversight No. CBs Certificate Percentage Count (%) ANFIA 2 1776 ~2.7 (Italy) IAOB 20 21,494 32.5 (USA) IATF France 3 2022 ~3.0 (France) SMMT 6 13,101 19.8 (England) VDA QMC 13 27,639 ~42.0 (Germany) Total 44 66,033 100 6 Disciplined development method for IATF 16949 • Revision work began in December 2014 and was completed in August 2016 • The team completed a 5-Phase approach to revising ISO/TS 16949 into IATF 16949 – Pre-plan; Analyze; Build; Validate; and Deploy • Revision Work Team consisted of 17 global partners from 14 organizations (IATF OEMs, IATF Global Oversight Offices, and others) AIAG IAOB ANFIA IATF France BMW Jaguar Land Rover FCA US LLC (formerly Chrysler) PSA Group FCA Italy S.p.A. (formerly Fiat) SMMT Ford VDA QMC GM VW 7 Changes from ISO/TS 16949 to IATF 16949 New automotive standard: IATF 16949:2016 • IATF 16949:2016 follows the high level structure of ISO 9001:2015 • IATF 16949:2016 must be used in conjunction with ISO 9001:2015 2 separate documents must be used to have all requirements IATF 16949 cannot be used as a stand-alone requirements document • 282 shalls / 16 shoulds in IATF 16949 (292 shalls / 16 shoulds in ISO/TS 16949) • IATF created a transition plan and communicated April 2016 (further revised in August 2016), which will be discussed in more detail later.
  • Douglas Autotech ISO 9001:2015 /IATF 16949 Quality Manual I-4.4-C-AD-P-001

    Douglas Autotech ISO 9001:2015 /IATF 16949 Quality Manual I-4.4-C-AD-P-001

    Title: Quality Manual Document No. Date: Page 1 of 69 I-4.4-C-AD-P- ISO 9001:2015 & IATF 16949 5-6-2020 001 Supplement Revision D 7 Douglas Autotech ISO 9001:2015 /IATF 16949 Quality Manual I-4.4-C-AD-P-001 WEB SITE- http://www.douglasautotech.com Revision Date Person Responsible Description of Change B 12-13-2017 Quality Assurance Mgr. Changes of notification to certification body page 6 of 68. C 1-8-2019 Quality Assurance Mgr. Added note (f) to Internal Auditor Comp. to address NSF CAR #2542, added ref. to DACH internal auditor training material to prove competency in the auditor. D 5-6-2020 Quality Assurance Mgr. Updated Org. Chart Title: Quality Manual Document No. Date: Page 2 of 69 I-4.4-C-AD-P- ISO 9001:2015 & IATF 16949 5-6-2020 001 Supplement Revision D Scope, Field of Application and Process Approach 0.1 General Douglas Autotech has adopted the ISO 9001/IATF 16949 Standard as its base quality management system. This documented manual specifies the quality management systems and procedures that we use. The systems requirements of this manual are aimed at achieving customer satisfaction by consistently providing conforming product and meeting customer requirements through application of the system, continual improvement and the prevention of nonconformity. This Quality Manual conforms to the requirements and elements of the five Clauses contained in the base ISO 9001:2015 /IATF 16949 international standard. Douglas Autotech adheres to the policy statements defined for each Clause and sub-clause or element of the aforementioned standard.
  • 2021 Prime Time for Real-Time Report from ACI Worldwide And

    2021 Prime Time for Real-Time Report from ACI Worldwide And

    March 2021 Prime Time For Real-Time Contents Welcome 3 Country Insights 8 Foreword by Jeremy Wilmot 3 North America 8 Introduction 3 Asia 12 Methodology 3 Europe 24 Middle East, Africa and South Asia 46 Global Real-Time Pacific 56 Payments Adoption 4 Latin America 60 Thematic Insights 5 Glossary 68 Request to Pay Couples Convenience with the Control that Consumers Demand 5 The Acquiring Outlook 5 The Impact of COVID-19 on Real-Time Payments 6 Payment Networks 6 Consumer Payments Modernization 7 2 Prime Time For Real-Time 2021 Welcome Foreword Spurred by a year of unprecedented disruption, 2020 saw real-time payments grow larger—in terms of both volumes and values—and faster than anyone could have anticipated. Changes to business models and consumer behavior, prompted by the COVID-19 pandemic, have compressed many years’ worth of transformation and digitization into the space of several months. More people and more businesses around the world have access to real-time payments in more forms than ever before. Real-time payments have been truly democratized, several years earlier than previously expected. Central infrastructures were already making swift For consumers, low-value real-time payments mean Regardless of whether real-time schemes are initially progress towards this goal before the pandemic immediate funds availability when sending and conceived to cater to consumer or business needs, intervened, having established and enhanced real- receiving money. For merchants or billers, it can mean the global picture is one in which heavily localized use time rails at record pace. But now, in response to instant confirmation, settlement finality and real-time cases are “the last mile” in the journey to successfully COVID’s unique challenges, the pace has increased information about the payment.
  • Security Keys: Practical Cryptographic Second Factors for the Modern Web

    Security Keys: Practical Cryptographic Second Factors for the Modern Web

    Security Keys: Practical Cryptographic Second Factors for the Modern Web Juan Lang, Alexei Czeskis, Dirk Balfanz, Marius Schilder, and Sampath Srinivas Google, Inc., Mountain View, CA, USA Abstract. \Security Keys" are second-factor devices that protect users against phishing and man-in-the-middle attacks. Users carry a single de- vice and can self-register it with any online service that supports the protocol. The devices are simple to implement and deploy, simple to use, privacy preserving, and secure against strong attackers. We have shipped support for Security Keys in the Chrome web browser and in Google's online services. We show that Security Keys lead to both an increased level of security and user satisfaction by analyzing a two year deployment which began within Google and has extended to our consumer-facing web applications. The Security Key design has been standardized by the FIDO Alliance, an organization with more than 250 member companies spanning the industry. Currently, Security Keys have been deployed by Google, Dropbox, and GitHub. An updated and extended tech report is available at https://github.com/google/u2f- ref-code/docs/SecurityKeys_TechReport.pdf. 1 Introduction Recent account takeovers [1{3] have once again highlighted the challenge of securing user data online: accounts are often protected by no more than a weak password [4] and whatever implicit signals (if any) that the online service provider has collected to distinguish legitimate users from account hijackers. Academic research has produced numerous proposals to move away from passwords, but in practice such efforts have largely been unsuccessful [5, 6]. In- stead, many service providers augment password-based authentication with a second factor in the form of a one-time passcode (OTP), e.g., [7, 8].
  • Internationalization Plan for Bizum

    Internationalization Plan for Bizum

    Facultad de Ciencias Económicas y Empresariales INTERNATIONALIZATION PLAN FOR BIZUM Autora: Alejandra Ramírez Amorós Director: Javier Morales Mediano MADRID | Abril 2020 INDEX INDEX .......................................................................................................................................... 1 FIGURES INDEX ......................................................................................................................... 4 TABLES INDEX .......................................................................................................................... 4 GRAPHS INDEX .......................................................................................................................... 4 SUMMARY .................................................................................................................................. 5 INTRODUCTION ......................................................................................................................... 6 METHODOLOGY ........................................................................................................................ 7 PART 1: THE STRATEGY OF BUSINESS INTERNATIONALIZATION .............................. 8 A) CURRENT STATE OF AFFAIRS .......................................................................................... 8 1. The payments industry in Spain ............................................................................................ 8 1.1 History of the traditional payments industry ...................................................................
  • A Tale of Two Studies: the Best and Worst of Yubikey Usability

    A Tale of Two Studies: the Best and Worst of Yubikey Usability

    A Tale of Two Studies: The Best and Worst of YubiKey Usability †∗ ∗ ∗ ∗ z ∗ Joshua Reynolds , Trevor Smith , Ken Reese , Luke Dickinson , Scott Ruoti , Kent Seamons y ∗ z University of Illinois at Urbana-Champaign, Brigham Young University, MIT Lincoln Laboratory [email protected], ftsmith, ken.reese, [email protected], [email protected], [email protected] Abstract—Two-factor authentication (2FA) significantly device that authenticates the user after the user presses a improves the security of password-based authentication. button on the security key [8]. The button tap is a test of Recently, there has been increased interest in Universal 2nd user presence and prevents malware on the host device from Factor (U2F) security keys—small hardware devices that require users to press a button on the security key to authenticate. To using the security key surreptitiously. Most commonly, security examine the usability of security keys in non-enterprise usage, keys are designed to be plugged into a USB port, though we conducted two user studies of the YubiKey, a popular line they can also communicate with other devices using wireless of U2F security keys. The first study tasked 31 participants protocols (e.g., NFC, Bluetooth). with configuring a Windows, Google, and Facebook account to U2F security keys are designed to be easy-to-adopt and authenticate using a YubiKey. This study revealed problems with setup instructions and workflow including users locking use in day-to-day life, while protecting users against phishing themselves out of their operating system or thinking they had and man-in-the-middle attacks [8].
  • Nets' E-Commerce Report 2020

    Nets' E-Commerce Report 2020

    The E-commerce Report 2020 Chapter name Table of contents Payments The Market Consumers Preferred payments - Austria ............................... 5 The e-commerce market in 2020 ...................... 14 Why do we shop online? ....................................... 19 Preferred payments - Denmark .......................... 6 Turnover 2020 .............................................................. 15 Enter the time machine of e-commerce ...... 20 Preferred payments - Finland ............................... 7 Distribution of spending pr. country ................. 16 Do we shop more online due to Covid-19? ... 21 Preferred payments - Germany .......................... 8 Why do we cancel online purchases? ........... 22 Preferred payments - Norway ............................. 9 Shopping abroad? ...................................................... 23 Preferred payments - Poland ............................. 10 From where do we purchase abroad? ...........24 Preferred payments - Sweden ............................ 11 Why do shoppers purchase from abroad? 25 Preferred payments - Switzerland ................... 12 What stops us shopping from abroad? ........ 26 What 2020’s online consumers showed us 27 Method Nets E-commerce report is a statistical report that provides analyses of the e-commerce market in the Nordic countries, the DACH-region and Poland. The report is based on a survey that was conducted by Kantar/Sifo for Nets from June-December 2020 with 50 interviews/week, with more than 11000 internet users in Austria, Denmark,
  • Of Two Minds About Two-Factor: Understanding Everyday FIDO U2F

    Of Two Minds About Two-Factor: Understanding Everyday FIDO U2F

    Of Two Minds about Two-Factor: Understanding Everyday FIDO U2F Usability through Device Comparison and Experience Sampling Stéphane Ciolino, OneSpan Innovation Centre & University College London; Simon Parkin, University College London; Paul Dunphy, OneSpan Innovation Centre https://www.usenix.org/conference/soups2019/presentation/ciolino This paper is included in the Proceedings of the Fifteenth Symposium on Usable Privacy and Security. August 12–13, 2019 • Santa Clara, CA, USA ISBN 978-1-939133-05-2 Open access to the Proceedings of the Fifteenth Symposium on Usable Privacy and Security is sponsored by USENIX. Of Two Minds about Two-Factor: Understanding Everyday FIDO U2F Usability through Device Comparison and Experience Sampling Stéphane Ciolino Simon Parkin Paul Dunphy OneSpan Innovation Centre University College London OneSpan Innovation Centre & University College London [email protected] [email protected] [email protected] Abstract words and tokens) is widely recognized as an effective tech- Security keys are phishing-resistant two-factor authentica- nique to protect both corporate and personal online accounts tion (2FA) tokens based upon the FIDO Universal 2nd Factor against account hijacking threats. Indeed, there are already ex- (U2F) standard. Prior research on security keys has revealed amples of citizens being advised to use Two-Factor Authenti- intuitive usability concerns, but there are open challenges to cation (2FA) by government agencies (as in the UK [35]). The better understand user experiences with heterogeneous de- most common second factor is a One-Time Passcode (OTP) vices and to determine an optimal user experience for every- received via a text message to a mobile device [5].
  • The Determinants of Paytech's Success in the Mobile Payment

    The Determinants of Paytech's Success in the Mobile Payment

    Journal of Risk and Financial Management Article The Determinants of PayTech’s Success in the Mobile Payment Market—The Case of BLIK Joanna Błach 1,* and Monika Klimontowicz 2 1 Department of Corporate Finance and Insurance, Faculty of Finance, University of Economics in Katowice, ul. 1 Maja 50, 40-287 Katowice, Poland 2 Department of Banking and Financial Markets, Faculty of Finance, University of Economics in Katowice, ul. 1 Maja 50, 40-287 Katowice, Poland; [email protected] * Correspondence: [email protected] Abstract: FinTech and its interaction with banking is widely discussed today as a new phenomenon notwithstanding the relationship between technology and financial services is not a new topic. Most of the research focuses on innovations and determinants of their adoptions including among other innovations in the payment system. The studies dedicated directly to PayTechs as a special kind of a FinTech entity and its market activity are a relatively new field of research. This paper aims to fill this gap. The multidimensional character of this exploratory research causes the necessity to apply various research methods, including both inductive and deductive methods, together with comparative analysis. The theoretical analysis conducted in the paper for defining PayTechs from the perspective of business model and market behavior was based on an in-depth literature review. In this section, the inductive method and comparative analysis were mostly applied. The empirical part of the paper includes the analysis of quantitative data published by the National Bank of Poland (NBP), Central Statistical Office (GUS), and Bank for International Settlements (BIS).