A new Whitepaper states that the EU Payment Services Directive (PSD2) will undoubtedly facilitate innovation, competition, and efficiency among banks and other payment institutions, especially around Strong Customer Authentication.
While giving consumers additional choice over how they manage their money and transact online, PSD2 also calls for a heightened security standard for online payments, ensuring consumer protection.
With digital fraud growing faster every year, the need for enhanced security protections has never been more relevant. Under PSD2’s Regulatory Technical Standards (RTS), account and payment service providers must comply with increased security requirements when processing payments or providing account-related services. At the heart of the RTS is the need for Strong Customer Authentication, allowing consumers to be better protected when making transactions online.
RTS standards also require various cybersecurity mechanisms be in place in order to mitigate device exposure to risk and ensure secure transactions and payment authorisations. Payment service providers need to support purchase and login scenarios that utilize SCA while at the same time minimizing the amount of friction incurred by their users, which can result in customer frustration and abandonment.
Common forms of additional authentication use one-time passcodes sent through separate, “out-of-band” communication channels like SMS (text message) or email. While SMS and email are widely-used authentication methods, both are subpar user experiences that lead to friction.
Likewise, SMS and email are insecure channels and can be compromised by malware, social engineering, man-in-the-middle attacks, and other techniques used by fraudsters. Best-in-class multifactor authentication methods are transparent to the end customer and allow good consumers to transact with the least amount of friction possible, while at the same time are secure communication channels.
In the wake of PSD2, there is much opportunity for banks and other payment institutions to enable customers to enjoy the flexibility and simplicity of making purchases using their financial accounts, which will help with customer retention and in building trust.
Therefore, PSD2 should be viewed as a transformational opportunity versus a compliance burden. However, security must be at the forefront in order to be able to deliver on that promise. The success of PSD2 will be determined by customer adoption, which will be driven by perceptions around user experience and data security.
To ensure success, banks need to implement SCA solutions that are simple, secure, and compliant.