Articles on PKI, HSM, payments cryptography, regulatory frameworks and security architecture — meant for teams at financial institutions who have to make technical decisions with regulatory consequences. If you find any useful, please share.
The legal framework has existed since 2000, RENIEC operates the state CA, and you can sign with full legal validity today. So why don't companies use it, and what does a well-executed project look like?
Read →What we see when we walk into real HSM operations at banks and credit unions. Each one is preventable, several are audit findings waiting to happen.
Read →What the board should be able to answer when the SBS asks what stance the institution took on open banking. No new tech yet: just clarity.
Read →A PKI is not a piece of software or an HSM. It is an ecosystem of policies, ceremonies and certificates. Here is when it makes sense to build one, and when it doesn't.
Read →Which algorithms a quantum computer actually breaks, how many qubits are really needed, where the technology is today, and why migration has to start now even though the risk is 2035.
Read →504-2021 doesn't ask for miracles. It asks for governance, documented controls and evidence. Here's what being ready actually looks like.
Read →If you work at a financial institution and there's a technical or regulatory topic you'd like to see explained here, write to ventas@2ps.pe. If it fits what we know, we'll add it to the list.