Cybersecurity: While the term is often overused, no one can ignore the fact that cyber security attacks and data breaches increased by over 15% in 2021 compared to the previous year. That is affecting the market and makes laws and regulations to protect consumers even more justified.
Data Privacy Laws: While Europe has had GDPR for years many countries in other regions have been lacking guidance and consistency. Now that privacy laws are emerging all over the world, they are holding vendors and solution providers to a much higher standard.
Banking Regulations: Open Banking is now a global reality, but it is moving beyond compliance and creating opportunities for both banks and consumers. Not only are banks enabling additional APIs (beyond the six required by Open Banking), but they are also keen to capitalise on the user experience for their consumers.
Banks Becoming Digital Market Places: Banks are moving beyond the traditional role of simply holding/loaning money. They see the power in becoming marketplaces and facilitating transactions for businesses. This is starting to surface in many countries, and it indicates a shift in focus that is transforming the industry.
Since many regions combine both PSD2 and Open Banking standards under their respective Open Banking umbrella, it is fair to say that SCA is recognised as a key part of securing Open Banking transactions around the globe. All those regulations seem to include a principle similar to PSD2’s SCA.
Not all SCA-qualified solutions are alike, and there is a lot of room for interpretation. While PSD2 does not forbid the use of SMS messages containing an authentication code, one-time passwords (OTPs), or payment details, it does require institutions to ‘take all necessary security measures to ensure the confidentiality, authenticity and integrity’ of any authentication codes transmitted via SMS. In countries like the US, banks and financial services providers continue to rely on SMS authentication despite its many vulnerabilities. Singapore’s Monetary Authority, by contrast, announced in January 2022 that it will review the use of SMS authentication codes to bolster the security of the digital banking ecosystem.
Three Domain Secure (3DS) is a complex authentication security protocol designed to prevent fraudulent transactions online when using a debit or credit card. It is common to refer to these transactions as Card Not Present (CNP) payments. In short, 3DS calls on three separate domains to authenticate consumers and sign transactions during CNP payments.
While everyone would agree that protecting the legitimacy of online payments is a necessity, the original 3DS process left consumers with a less than desirable experience. It was the same for all transactions, it did not support biometric authentication, and it was incompatible with some devices and mobile browsers. Slow authorisation page loading caused frustration, while doubts about the authenticity of the 3DS in-session verification window led some consumers to abandon their transactions.
By contrast, 3DS2 is expected to leave far fewer shopping carts abandoned, both because of its enhanced capability to maintain a consistent look and feel and because its fraud prevention is built in seamlessly.
3DS2 also enables organisations to adapt payment authorisation for high-risk transactions, rather than across the board. The authentication risk level is based on a rich set of data collected about the cardholder and the transaction and then sent to the issuer.
Card issuers are now empowered to make better-informed decisions thanks to data-sharing APIs connecting businesses and banks. These APIs can incorporate more than 150 potential data points representing what businesses and card issuers know about their mutual customers.
It needs to be easy to do the right thing. It needs to be less painful for consumers to have an SCA experience to perform a payment and it needs to be more convenient for banks as well.
Banks have a tremendous incentive to be Open Banking compliant. SCA is a very important part of that: it is an investment in a different business model that enables them not only to bring certainty to the customer journey but also to evolve their business model.
Our market research indicates that responsibility for, and interest in, SCA and other Open Banking-related compliance requirements has moved from being of interest only to the compliance department to being very much a priority for the business side of the house. They see a path not only to ROI but to transforming their value proposition. Making that apparent is key.
This interview was first published in the Open Banking and Open Finance Report 2022.
Katie Björk heads the Solution Marketing department for HID Global IAM Consumer Authentication. She has nearly 20 years of experience in successfully implementing strategic communications, change management, market research and product implementations for several large companies across multiple industries globally.
HID Global facilitates trust in a digital world by enabling secure and seamless customer interactions, providing a world-class SaaS ecosystem to orchestrate customer identification, authentication, and risk management.