Banks are facing not only a dramatic increase in the number of cyber-attacks but also in their sophistication and complexity. Fraudsters and hackers are constantly challenging the security measures banks put in place to protect sensitive business data. In the meantime, consumers are using more and more new, innovative services that offer a seamless experience, and they expect banks to find the right balance between the level of security needed and reduced friction in the user journey.
EVALUATING RISK AND ADAPTING ACCORDINGLY
The new European legislation, the revised Payment Services Directive (PSD2), requires banks to adapt security measures to the level of risk involved. As a result, payment service providers (PSPs) are obliged to operate transaction and risk monitoring in order to assess, detect and prevent risks linked to payments and any access to account operations.
For transactions identified as low risk, a payment service provider can bypass any strong customer authentication (SCA) requirements. For transactions deemed higher risk, such as those showing sudden changes in location or abnormal spending, step-up authentication will be required. By evaluating risk and adapting accordingly, banks are able to offer a targeted approach that strikes the right balance between security and user convenience.