Adhere to PSD2 and Open Banking
The Second Payment Services Directive (PSD2) is part of an open banking movement aiming to reduce fraud and improve service – and it’s heralding a new era for identification.
PSD2: Changing the game for banks
The intent behind PSD2 was to create an open banking regulation that would foster innovation and competition, giving customers and businesses access to better deals and services, along with the promise of always-secure financial transactions.
PSD2 requires banks to give account access to third parties and allow remote payment initiation. The catch is that transactions are exposed to new layers of risk – but PSD2 has an answer to that in Strong Customer Authentication (SCA). Any remote account access or payments must be authenticated by at least two of SCA’s three authentication factors:
- something you know (e.g. password)
- something you have (e.g. device)
- something you are (e.g. biometrics)
The only exemptions to SCA are for whitelisted merchants, subscription payments, secure corporate payments, and low-risk or low-value transactions.
PSD2 and Strong Customer Authentication: The challenges
There’s no sugar-coating it – PSD2 compliance can be challenging for banks.
Strong customer authentication means banks are increasingly responsible for digital customer identities. But implementing SCA in line with PSD2 is not a walk in the park. It gives rise to a number of challenges, especially for financial institutions that have been around for a long time.
It increases security risks
As two authentication factors are required under SCA, the number of attack vectors is naturally increased. What’s more, as people get used to being prompted for credentials, the potential for a new set of phishing attacks is created. So, upholding security is difficult.
It adds friction to user journeys
As PSD2 opens things up with APIs, SCA can actually lead to people facing more complicated authentication processes, more frequently, in more scenarios, if businesses don’t have the right policies in place. Consumers might be getting better deals and safer transactions, but the process is at risk of feeling clunky.
It needs to integrate with current systems
SCA must be applied to existing (and potentially disparate) channels, which poses an integration challenge. On non-adaptive current systems, this could even lead to duplicated authentication steps. Poor integration can lead to friction, non-compliance, or even abandoned transactions.
It needs to work across multiple channels
If SCA is not implemented correctly, it can end up being required every time a user makes a transaction, which can be very onerous, especially when it comes to building strong customer relationships. To improve user experience and win trust, banks should focus on SCA’s exemptions.
It must also be GDPR-compliant
Let’s not forget about GDPR – which, just as PSD2 is facilitating an open banking movement, is raising the game for data privacy and protection. This means SCA must be GDPR-compliant too, because significant penalties could be dished out if personal data is breached.
How Callsign solves the PSD2 challenge
PSD2 means that banks are tasked with verifying that someone is who they say they are in more scenarios than ever, which is why Callsign is the ideal solution for solving the omni-channel authentication challenge that PSD2 presents.
At the heart of Callsign technology is a unified understanding of digital identity. Our solution will adapt to new threats and new technologies as they happen, letting customers get on with whatever it is that they’re doing and, above all, keeping financial transactions secure and seamless.
Callsign’s dynamic, intelligent, real-time authentication journeys stop cyber criminals in their tracks, improving identification security for banks and ensuring no false positives.
Our powerful policy engine adapts in real time to ensure appropriate authentication every time, removing friction as it goes and delivering the seamless (yet secure) user journeys expected these days.
Exemptions Can Improve Customer Experience
PSD2 guidelines include SCA exemptions that, if applied properly, can reduce authentication steps for customers. Callsign’s policy manager allows you to do exactly that.
By decoupling secure authentication from business functionality, Callsign can integrate easily with legacy services and deliver adaptability regardless of environment.
PSD2 is a moving target – and as new regulations and technologies come into play, the Callsign solution has the agility to support a truly long-term authentication strategy.