Top 10 Fintech & Payment Terms for 2022
To help our readers with the special vocabulary often seen in our blog posts, we have added a new glossary section to our website. Here you will find relevant fintech and open banking words, acronyms and definitions, compiled into a list to give you quick access to some of the terms most commonly used in our industry. We hope it will come in handy on your journey to SCA.
If you’ve been in the industry a while, you’re probably already speaking in acronyms: “I was so excited when the EBA pushed out the PSD2, finally regulating PSPs and EMIs to follow new SCA compliance rules!”
But for those of you new to the world of payment security, such a sentence was probably hard to follow. That's why we’ve put together this blog post, not only as a shameless introduction to the new Glossary section on the Okay website, but as a great way to review some of the fintech and payment industry terms you should know.
Before we start, let’s begin with the word of the industry: Fintech. Short for ‘financial technology’, it encompasses the technology and innovation aiming to compete with traditional financial methods in the delivery of financial services. Fintech is still considered an emerging industry, both because the banking industry is still quite old-school and because the technology incorporated in our everyday lives is evolving at an astonishing rate.
For example, you are now able to make bank payments through your phone, but have you thought about the software that supports it? The security measures in place to protect your private information when you log into an account? Or the habits you have formed impacting how you pay and what you pay with? This is why the fintech and open-banking industry is a big one, with far-reaching limits and massive growth potential.
As such, whether you are a private individual, a bank, a hacker, or a government, it is an industry you should be getting familiar with. And to kick-start that familiarisation, we give you 10 highly relevant fintech terms for 2022.
SCA
Strong Customer Authentication. SCA is required for login and for transaction authorisation. Under the PSD2 it is handled by the bank administering the account, but the access can be delegated.
PSD2
The Payment Services Directive 2 (PSD2) is an update to the original directive (PSD) adopted in 2007. The PSD created a single market for payments in the EU, and the foundation for a Single Euro Payments Area (SEPA). The PSD2 aims to improve security and fraud prevention and encourage innovation and competition, creating a Single Digital Market.
Malware
Malware is a generic term for software created by criminals to exploit end-users. Malware comes in many forms, but with payments the target is typically to steal credentials, to capture data such as text messages used for OTP codes, or to modify banking software to trick users with floating windows.
Secure Execution Environment
When a customer is authenticating a transaction on a multipurpose device, the process has to happen in a secure execution environment, as mandated by the PSD2. Okay is a good example of a secure execution environment provider.
IoT
IoT is the Internet of Things, which consists of single-purpose devices. This can be anything from tollbooth tokens to webcams. This type of device can in some cases initiate transactions.
eID
Over the last 30 years there have been many attempts at establishing Electronic ID solutions, such as BankID in the Nordics. An eID can replace physical identification online, making Know Your Customer (KYC) much simpler and cheaper. A challenge with eID solutions is that they don’t become useful before a sufficiently large percentage of the population can be identified with them.
Root Access
On Android, root access means that a user or malware has the same level of access as the operating system. This means that all files, including protected files, and all memory, including that of other applications, can be read and modified. Root access for malware and root access for users are often confused. On iOS, the term jailbreak is used.
Man-in-the-device
This is a class of attacks where the device used by the end-user is compromised. Typical examples of man-in-the-device attacks are malware and viruses, which can infect both mobile operating systems and desktop computers.
Reverse Engineering
In computer security, reverse engineering is a process through which protocols and executable code are deconstructed and disassembled, potentially revealing sensitive information or allowing an attacker to make changes.
Trust Anchor
In cryptography, a trust anchor is a key whose security is assumed, and not derived from another key. An example of such an anchor is a key which is created during an enrolment process, and which uniquely identifies a customer and device combination.