Making authentication more accessible: a necessity for banks & best practices for an enhanced user experience

19 / 10 / 2023

Accessibility is crucial in today’s digital world. This blog emphasises the importance of accessibility as a key topic and explores how banks and Worldline can offer inclusive authentication tools to all users. Claire Deprez Pipon, Lead Manager on Authentication Services, shares valuable insights.

bank

Why is Accessibility necessary ?

Accessibility means removing barriers or obstacles that prevent people with disabilities from accessing products, services, and information available to others. Ensuring accessibility enables full participation in society for everyone and granting people with disabilities or impairments equal access to information, goods and services.

Today, 15% of the world's population, equivalent to 1 billion people, experiences some form of disability (Source: The World Bank) and 80% of those disabilities are not visible. Disabilities include visual, auditory physical, and cognitive impairments, sometimes in combination. Offering accessible products, services, or information is not just an option; it is a necessity. Failing to do so excludes people with disabilities, hindering their full participation in society.

It is time for us to take action and provide accessible digital services to cater to the needs of the entire population.

European initiatives to ensure access to digital services for all

The European Union is leading the way in insuring accessible online services.

The European Commission has implement a directive on accessibility, initially for public services, and soon for the private sector.

The EU Web Accessibility Directive (EU) 2016/2102, required all public sector websites and mobile apps to comply with accessibility requirements by 2020 and 2021 respectively. Now, private sector companies must also heed the call following the enactment of the EU 882/2019 Directive: European Accessibility Act (EAA) in April 2019.

Each Member State was required to transpose the Directive into national law by the end of June for entry into force on 28 June 2025 for new products and services and June 2030 for existing ones. 2030 is also the year that Member States must start reporting on the Act.

This EAA is applicable to private companies selling or using products or services  within the EU regardless of their location.

Its intent is to standardise products and services used by disabled people and address the varying accessibility requirements across EU Member States.

Products and services concerned:

To comply with the EAA, companies must  follow the WCAG 2.1 standard (see guidelines), which emphasises that  :

  • Perceivable : information should be visible to all senses,
  • Operable : navigation & interaction should be possible for any visitor,
  • Understandable: Operations & information should be comprehensible,
  • Robust: content should be accessible in various settings & devices.

 Accessibility is also closely linked to  financial inclusion, an important issue addressed by many local and European initiatives. Financial inclusion aims to ensure that no population is excluded from financial services, including strong authentication, which is mainly carried out on smartphones.

In France, the National Cashless Payments Committee (CNPS) and the French Banking Federation (FBF) signed a charter, on 8 October 2022, on the inclusion and access of people with disabilities to means of payment. Point 8 states: “ In line with the recommendations made by the Observatoire de la Sécurité des Moyens de Paiement (OSMP), Internet payment service providers should offer, wherever possible and at no extra cost to users, at least one strong authentication solution as an alternative to using a secure banking application.”

The European Commission also included these concerns in the PSD2 revision (PSD3/PSR) proposition published in June 28th 2023, The text emphasises the need for adaptable Strong Customer Authentication methods that do not depend on a single technology or device and requires: “ payment services providers to ensure that all users can benefit from methods to perform SCA which are adapted to their needs and situations and, in particular, that those methods do not depend on one single technology, device or mechanism, for instance on the possession of a smartphone.”

More information on the impacts of PSD2 revision on Authentication & Security : Worldline en-global | Exploring the effects of PSD2 revision on the Authentication & Security framework

“In response to these initiatives, Worldline Authentication Solutions have already integrated accessibility into our product strategy to cater to the diverse needs of our clients” – Claire Deprez Pipon

How does Worldline provide accessible and inclusive authentication solutions?

Worldline Authentication Solutions support you across the entire value chain from identification to authentication. Our solutions is used by 100M+ users, and over 100 banks across Europe. We have prioritised accessibility in our product strategy.

1.      Training: designers and developers are trained to adhere to digital accessibility standards and guidelines (especially following W3C's WCAG 2.1 standards).Accessibility is integrated from the outset  in the design of new features,

2.      User-centric approach: We prioritise  user experience, understanding of all kinds of disabilities to grasp users’ needs and provide an optimised and inclusive experience

3.      Testing: We conduct regular accessibility testing involving people with disabilities, and make sure that assistive technologies such as screen readers, speech-to-text software, and keyboard shortcuts are compatible with digital products.

This allows us  to offer different accessible authentication tools: 

  • Biometrics authentication to improve disability inclusion.

Biometric authentication plays an important role in disability inclusion by providing  a secure, efficient and accessible way for people with disabilities to access digital services and devices.

For example, individuals with motor impairments may find it difficult to use traditional forms of authentication such as typing in a password. Biometric technology, like fingerprint or facial recognition, offers a user-friendly alternative, ensuring easy and secure access to digital services for all.

Furthermore, biometric authentication  helps to protect the privacy and security of individuals with disabilities as biometric identifiers are significantly more difficult to counterfeit compared to traditional forms of authentication.

  • Security tools compatible with accessibility requirements: introducing Dynamic Virtual Keyboard (DVK).

The principle of DVK is to prevent secrets from being intercepted by malwares and keyloggers, while accessible tools aim to ensure that content can be captured by vocalisation devices.  Worldline addresses those challenges by integrating the vocalization into the DVK enabling it to :

-  Secure PIN code entry

-  Enable PIN authentication (or PIN entry for other uses)for the visually impaired by integrating keyboard vocalisation.

  • Alternative solutions to smartphone authentication for inclusive digital payments that are today mainly authenticated through smartphones:
  • 3D-Secure authentication pages compliant with accessibility requirements

Under PSD2 regulations, 3-D Secure authentication pages are a prerequisite for e-commerce transactions. Our new pages has been developed based on:

- W3C guidelines and customer feedback from W3C experts: collaborating with multiple banks on the subject helps us tune our Authentication pages based on real use cases.

- Increasing success rate:  redesigning pages  with a “less is more” approach as customers typically spend less then 2 seconds reading  authentication pages.

- Focusing on new multiple 3-D Secure use cases: with the evolution of 3-D Secure (recurring, instalment and so on),, providing clear information to user on mobile  has become crucial.

By incorporating accessible design and leveraging our UX experience, Worldline now offers authentication pages that enable smooth identification for all users including the visual impaired and the elderly and for all use cases. 

Claire Deprez-Pipon

Lead Product Manager, Identity Trust & Authentication at Worldline
Claire is responsible for the product management of Strong Customer Authentication & Security solutions such as Access Control Servers, Trusted Authentication, and Digital Intrusion Protection. With 10 years of experience in international business developments and bids, she has developed strong skills to understand customers and market requirements, with a special focus on security, payments, and identity.