People around the world are increasingly conducting their banking operations online from a range of devices, including computers, tablets and mobile phones. Innovative banking services are flourishing, providing more reliable, simple and convenient solutions. And yet, the growth of online and mobile payments has also been accompanied by a dramatic growth of Internet fraud.
Banking customers expect convenience but are not willing to trade away security in the process. According to a recent Gemalto poll, 44% of those surveyed would switch banks if their current bank was breached. The onus on protecting personal customer information is clearly on the bank.
of consumers would switch banks if their current bank was breached
STRONG CUSTOMER AUTHENTICATION
The revised Payment Service Directive (PSD2) provides banks with a more robust framework to offer the added security that consumers are seeking. The new European regulation mandates Strong Customer Authentication (SCA) procedures for online banking services and for initiating and processing electronic payments.
Strong Customer Authentication, as defined in PSD2, means that transactions are authenticated using two or more of the following elements:
- Knowledge: something only the user knows (e.g. password, pin, ID number)
- Ownership: something only the user possesses (e.g. mobile device, token, smart card)
- Inherence: something only the user is (e.g. fingerprint, face or voice recognition)
In the case of remote payments PSD2 also requires the creation of a dynamic link, an additional authentication element that dynamically links the transaction amount and the account number of the payee.