View all newsletters
Receive our newsletter - data, insights and analysis delivered to you
  1. Technology
  2. Cloud
October 16, 2018updated 17 Oct 2018 1:12pm

As PSD2 Deadline Looms, Is It Time to Jump in a Sandbox?

"Essentially an orchestration script that automates an entire configuration"

By CBR Staff Writer

Denver-headquartered Ping Identity has launched a private sandbox for UK financial services sector actors to safely test and deploy the tools they need to be compliant with Open Banking security requirements.

The launch is the latest addition to a range of industry toolkits (Konsentus launched a similar sandbox last month) intended to help financial services actors make sure they are PSD2-compliant ahead of a March 2019 deadline.

What Happens in March?

In November 2017 the European Commission published its final technical standards on “Strong Customer Authentication” and “Common Secure Communication” under the revised Payment Services Directive (PSD2), which we’ll refer to hereafter simply as Open Banking.

These rules come into force on 14 March 2019.

They mean, in short, that if you want to do API-powered Open Banking or generally be part of a rapidly evolving new payments landscape, then you need to prove you can do it securely.


Computer Business Review will refrain from drowning readers in an alphabet soup of payment service acronyms (if you are already ready for the RTS for PSD2 and how it applies to ASPSPs, AISPs and PISPs, we salute you).

Ping Identity sandbox

Ping Identity CEO Andre Durand

Essentially, however, as Open Banking creates an API-powered financial services ecosystem, security has grown increasingly important.

Content from our partners
Scan and deliver
GenAI cybersecurity: "A super-human analyst, with a brain the size of a planet."
Cloud, AI, and cyber security – highlights from DTX Manchester

See also: The Old Lady Roadblock: Bank of England IT “Archaic” and Hindering Payments Innovation

Yet API security itself remains – as Ping Identity CEO Andre Durand put it to Computer Business Review – “really greenfield for the whole industry”.

He added: “Open Banking in general is purely an API framework. Understanding what ‘normal’ looks like [in terms of API calls] and being able to notice ‘abnormal’ and send it off to a honeypot is really important. At the moment nobody knows if their APIs are being attacked until they go down.”

(Ping Identity earlier this year bought startup Elastic Beam, which developed an AI-powered API intelligence tool, now rolled into Ping’s portfolio as “PingIntelligence”).

Ping Identity Sandbox

Ping Identity – which names high-profile customers like HP, Netflix, Shell and the US’s top 12 banks – sees significant market opportunity in the sector and has the tools to help. It claims its “Quickstart Private Sandbox” can cut the time to Open Banking and PSD2 compliance by 90 percent.

The sandbox deploys the latest versions of the Ping Identity Platform with a set of example applications and APIs to allow service testing, the company said in a release.

See also: MuleSoft Founder Ross Mason on “Frankenstein” Data Sets and the Rise of the API Economy

The two reference applications are a sporting goods e-commerce store and a financial transaction aggregator. They integrate with a pair of test APIs for payments and accounts, which Ping has built to Open Banking’s Read/Write Data API Specifications.

This allows financial services providers to quickly carry out transaction testing and account aggregation within a security conformant framework.

“Automate the Entire Configuration”

Ping identity sandbox“The process of deploying multiple security elements to meet the Open Banking Security Profile is a complex and largely manual process that can take days and it’s potentially open to misconfigurations that may be difficult to spot within this relatively new technology area,” Phil Allen, VP EMEA for Ping Identity, said in a release.

The Ping Identity sandbox is “essentially an orchestration script that automates an entire configuration”, he added.

“This also includes reporting and exception warnings in just a few minutes as part of a process that is entirely controlled by the bank within any environment they wish.”

The Ping Identity sandbox has been designed to meet the 70 technical security tests set by Open Banking Ltd and Ping Identity said allows automated deployment across dedicated servers, hosted and cloud configurations including AWS and Google.


Websites in our network
Select and enter your corporate email address Tech Monitor's research, insight and analysis examines the frontiers of digital transformation to help tech leaders navigate the future. Our Changelog newsletter delivers our best work to your inbox every week.
  • CIO
  • CTO
  • CISO
  • CSO
  • CFO
  • CDO
  • CEO
  • Architect Founder
  • MD
  • Director
  • Manager
  • Other
Visit our privacy policy for more information about our services, how Progressive Media Investments may use, process and share your personal data, including information on your rights in respect of your personal data and how you can unsubscribe from future marketing communications. Our services are intended for corporate subscribers and you warrant that the email address submitted is your corporate email address.