Georgian Law Review - Volume 22. 2022
Prevention of Unauthorized Access to Personal Data in the Banking Sector and Strong Authentication
Considering that services are actively being “digitized”, it is critical that the digital space is secure and that the customer is protected from pecuniary and non-pecuniary damage caused by cybercrime. Protection of personal data, as well as bank secrecy, are important issues and are necessary to protect the interests of consumers, to ensure best business practices, and to maintain financial stability. The paper discusses digital financial services and mechanisms of remote access to payment accounts. It develops the debate over the European Union's concept of strong customer authentication and additional security for digital services. Based on a comparative analysis of the Georgian regulation, the importance of the elements of strong authentication, the technical security means, and the scope of liability when initiating transactions remotely are explained.