How will PSD2 and Strong Customer Authentication change Banking & Fintech

March 15, 2019
3 minutes read
Category: Mobile Identity
Author: Harry Cheung

When the European Union passed a new version of Payment Services Directive (PSD2) in 2015, a four-year deadline started ticking for all relevant parties - mainly banks, payment providers, and fintech companies - to implement its rules.

Main changes PSD2 brings into the financial services market are related to breaking down banks’ monopolies on user data, introducing new services that sit between the users and the banks, and - the most important change from IPification’s standpoint - requiring stronger authentication checks.

To put it in simpler terms, PSD2 sets out to provide consumers and businesses with an easier way to look after their money and to enable innovations in the field of mobile and online payments. While at the same time protecting users in a stronger way.

A better deal for users

When PSD2 comes into effect, users will be able to allow third-party providers access to their banking data. These could be companies offering consumers a way to have data from different banks accessible from a single place. Or offering analysis of users spending and financial health in general.

On the other hand, new payment service providers are likely to pop up, to enable users to manage their bills and other payments in an easier way. It's not hard to imagine Amazon will become a payment provider so they can directly process payments to provide their users with a better experience.

PSD2 opens up the financial services market thoroughly. This will, I am sure, bring a lot of innovation. But also a lot of need to protect users at different stages - because allowing access to user’s bank data and approving transactions within apps of many different (both old & new) service providers will mean a lot of authentication requests that need to be handled properly to prevent fraud.

Improved user security

This is why PSD2 also includes changes to the way authentication will be carried out. Called Strong Customer Authentication - it is based on using at least 2 out of 3 possible authentication factors.

The first is something a user KNOWS. This can be a password, a PIN, an answer to a security question only a user knows. For this factor, payment card number, CVV or expiration date are not considered valid!

The second factor is something a user IS. This basically is a biometric factor relying on ie. a fingerprint, facial recognition, voice recognition, etc. New biometric authentication technologies are still developed and could be added to the list.

The third factor is something a user HAS. This can be a hardware token, a smart card, a wearable device, a smartphone, or another type of physical device.

And this third factor is where IPification fits in perfectly as the only currently available technology that provides the smooth, seamless user experience during authentication. Based on the mobile operators’ infrastructure and information about users, their SIM cards, and devices they use - authentication is done with a single user tab or in the background - without exchanging users’ private data with the app.

This is exactly what the players on the European fintech market need!

User experience will prevail

When looking at the changes from the fintech service providers point of view - it is clear that they need to implement PSD2’s security measure completely and thoroughly. But at the same time,  they have a big challenge to ensure authentication methods they implement are not complicated for users.

Users prefer authentication methods that offer simplicity and UX before higher security standards.

Also, we can expect an increase in the number of authentication requests that will be processed in the European fintech market, while new service providers and apps battle it out for market dominance.

To me, it is clear that service providers which implement the smoothest authentication methods will have a significant competitive advantage. Because users will not choose only based on features offered, but also based on how easy is it for them to fulfill their banking, payment, and financial needs.

Smooth UX will win!

Influence outside Europe

PSD2 coming into effect will not only influence the European Union’s banking and fintech market. Its effects will be felt in other countries as well. And most likely not in a good way. At least not at first.

Stroger authentication for banking and financial services in Europe will most likely cause a drop in fraud attempts in the EU, and criminals will start looking for victims elsewhere.

So users in countries where it is easier to fool current authentication methods should take extra care, and service providers in those markets should not wait to implement stronger authentication methods to dissuade fraud attempts.

September 2019 is D-day for SPD2 to come into effect, but players that want to be relevant cannot wait. April of this year is when live tests between banks and third-party apps will begin, and we are ready to support this process with our unique, telco-based seamless authentication technology.