A digital security point of view for the digital business era

VeinID and Hitachi’s Object Store are the Perfect Durable Medium Solution

15 May 2017

Durable Medium Through the EU’s :
• Payment Services Directive 2 (PSD2) ,
• Markets in Financial Instruments Directive (MiFID) ,
• Distance Marketing Directive (DMD);

Pre-agreement or agreement related information (including changes to agreements) that is customised and addressed personally to individuals, needs to be properly available to those individuals for some relevant time period.

This is especially important when we consider the increasing demand from consumers and professionals to move away from paper based communications.

PSD2 is a revision of the 2007 PSD (for regulating payment services in the EU/EAA) and is designed to bring about vital changes that will help to digitalise the payments industry.

MiFID is wider in scope and aims to increase transparency across the EU’s financial markets by the creation of a regulatory framework that protects investors.

DMD is concerned with distance contracts for financial services that are concluded between a supplier and a consumer. In this context, a “financial service” can be the provision of any kind of service of a banking, payment, credit, insurance or personal pension nature.

In paper less operations, providers subject to the above directives are required to store the provided electronic information in a way that is accessible for future reference for a period of time that is adequate for the purposes of the information and which allows the unchanged reproduction of the information stored.

The traditional approach to satisfy these requirements is to provide paper copies of all documents but this goes against the goals of digital enablement.

The EU’s Attorney General, Michal Bobek, issued an important opinion in September 2015, declaring that the use of e-banking mailboxes (favoured by many organisations) did not address the requirements of durable medium.

Hitachi’s object store (HCP) addresses the problem very neatly. It allows the original documents along with any future amendments to be stored safely as individual, encrypted files, protected from being amended according to a pre-defined policy (such as access rights, period of storage etc.).

The object store can be connected to e-mail, web and file servers and via HCP Anywhere, individual objects can be accessed on mobile devices.

For those documents that require each party’s signature, we can enable digital signature creation using VeinID to authenticate the signature.

This quick and convenient process addresses the strong authentication requirement of PSD2 and puts an end to the potential problems that arise when credentials (e.g. PIN, password, token etc.) are shared among individuals during transaction authorisation.

VeinID combined with Hitachi’s object store can be key components to help financial organisations to implement compliant digital services.

For further information or to discuss with Hitachi, please contact: