How can a financial service provider choose the right authentication method?
02 / 04 / 2019
The increasing number of online services is leading us to spend more and more time on the internet. Smartphone use is growing rapidly, and online payments have become very common. These trends mean we must protect our data better, especially now that criminals are finding new ways to commit digital fraud, such as scams via WhatsApp.
Digitisation of services and the changing regulations
In the fight against fraud, reliable authentication solutions play a key role. This is especially true when it comes to online payments, explains Claire Deprez-Pipon, Product Manager at Worldline. "The recently implemented legal procedures, such as the GDPR, NIS, PSD2 and eIDAS, demonstrate that the security of electronic transactions is a top priority. The regulations are mainly focused on protecting personal data and strengthening authentication solutions."
The digitisation of services and changing regulations have consequences for banks. "In the field of transaction security," Deprez-Pipon continues, "financial service providers cannot fall behind. They must keep up with new developments." Banks are required to open their APIs because of PSD2. This means banks have to validate customer permissions when third parties want access to customer accounts. For this, strong customer authentication (SCA) is required. "The Privacy Law GDPR and the eIDAS regulation also influence the way we organise authentication solutions."
This is why it’s important for a financial service provider to choose the right authentication method, one in which ease of use and security go hand in hand.
Two-step verification
One aspect to pay attention to is two-step verification. There are three factors with which you can identify yourself: something that you know (such as a password), something that you possess (such as an ID card) and something unique about yourself (such as fingerprints). The PSD2 RTS decrees Strong Customer Authentication (SCA), stating that you must verify yourself with at least two of the three factors before you can make a payment. Some factors are safer than others. Deprez-Pipon notes that "two-factor SMS authentication is still popular, but it’s been proven that sending an SMS with a code is not a completely safe method. Installing an app on a smartphone is a better way to do it because biometric features can also play a role."
Convenient use and implementation
"The last thing a seller wants is for customers to abandon the payment process because authentication is too complicated," Deprez-Pipon warns. "Therefore, the solution must be easy to understand and implement. A frictionless authentication process can prevent a lot of irritation." This also applies to the financial service provider’s own implementation of the authentication method; the method must be easy to roll out. A software development kit (SDK, a set of development tools) or a white-label app (a generic app that can be customised according to the house style of each company) can serve as an important tool for implementation. Deprez-Pipon adds, "A solution must not only be compliant with all regulations but must also be flexible. This means that new services can easily be replaced or expanded."
Multichannel
Deprez-Pipon adds that companies should use the same authentication solution for all channels (whether on a computer, tablet or mobile phone). "It's easier for a bank to have the minimum number of authentication solutions, so users don't get confused. Choose a solution that always works: when the customer calls a call centre to protest against a credit card block; when the customer buys a new laptop via the internet; or when the customer wants to initiate a credit transfer via a bank app. A verification app on the mobile or tablet that can always be used, regardless of the channel, is a good example to aim for."
Paul Jennekens