Embracing Open Banking with a mobile-first mentality
PSD 2 PSD2 may mean customers see extra steps in payments processes, or 'multi-factor authentication' when using mobile payment.
The second Payment Services Directive (PSD2) will fundamentally change how consumers access their financial data as well as how, and with whom, they transact.
Currently, consumers holding accounts at multiple institutions need to log into each account via that institution’s digital interface, whether this be via a mobile app or an online portal.
But to promote competition in financial services and improve ease of use for consumers, PSD2 makes provision for data aggregators, which allow for a single view of accounts at multiple providers such as insurance companies, payments services, credit card issuers, mortgage lenders, etc. In this way, PSD2 will open banking, offering consumers more freedom not only when it comes to accessing and sharing their financial data, but also for engaging in financial transactions.
This freedom, however, does not equate to less security. In fact, PSD2 will require banks to put Strong Customer Authentication (SCA) methods in place. The industry standard for SCA is based on multi-factor authentication, where at least two authentication factors from different groups are used; for example, something a consumer has, something they know and something they are.
Will customers react badly to added security steps?
"Consumers want to take control of the security of their personal information."
It would be easy for banks to have misgivings about the new regulations, but there is no need to fear. Although there is an industry perception that consumers tend to resist new technologies and extra “steps” in payments processes, recent research has indicated that consumers do want to take control of the security of their personal information.
How do mobile phones offer a solution?
One way of providing an authentication measure that is simultaneously secure and less disruptive to the consumer, is by utilising the power and ubiquity of the mobile phone. Rather than requiring consumers to rely on one-time passwords or additional security tokens that are less secure and cumbersome, mobile phones can be used as one factor of authentication in a SCA implementation.
Imagine a scenario where a consumer initiates a purchase online and, to verify that purchase, an authentication window pops up on their mobile phone. All the consumer need do is tap accept or reject on the device to verify the transaction. It is a quick and seamless interaction that leaves them feeling empowered and reassured.
Is Strong Customer Authentication still risky?
Just as important as the consumer’s perception of the authentication process, is the fact that using a robust SCA solution does reduce financial fraud... in the UK, this type of fraud cost households £2.1m every day last year.*
Banks that embrace PSD2 with a smart, innovative and customer-centric approach will reap all the rewards, from better customer satisfaction to lower fraud levels: security and privacy can be a win on all fronts.
*according to FFA UK