Three security principles to meet PSD2 (EU) and RBI (India) security regulations for remote payments and to avoid theft, scams, and any other loss of funds:
1) SCA: Strong Customer Authentication using cryptography: the user enters their SWIM PIN code or fingerprint in the SWIM Service app installed on their personal device, with:
- Public and Private key pairs
- Device binding
- Root and jailbreak detection
- SIM binding
2) Backup keys: a security-evaluated key management architecture, validated by security evaluation labs recommended by the card schemes.
3) Encrypt all critical data and provide mobile-to-host data confidentiality and non-repudiation.