The second revision of the Payment Services Directive (PSD2) is one of the most disruptive and important regulations in the banking industry with far-reaching implications for banks, payment service providers (PSPs), and online merchants – requiring a significant change in the way these entities handle digital transactions.
The Regulatory Technical Standards (RTS) defining the implementation of PSD2 were published in March 2018 and will go into effect in September 2019.
What is PSD2?
PSD2, a revision to the Payment Services Directive, which regulates payment services throughout the European Union, is meant to protect consumers during online banking sessions, while also allowing third-party developers to securely access customer financial information. This allows companies such as Google or Facebook to develop software that will enable you to easily access, transfer, or manage money stored in your bank account, using an open interface.
PSD2 empowers customers by giving them more freedom and flexibility over how they use their money. For banks, this means new competition, as software and FinTech companies can develop tools for customers to manage their accounts. However, this also puts customers and banks at greater risk for fraud, especially as the number of mobile and online transactions increases. To reduce the rate of fraud, banks must look into strong customer authentication and fraud prevention measures to protect their customers in this new era of open banking.
Despite the challenges, PSD2 opens up opportunities for banks to expand their services and provide their customers with new offerings. It's just a matter of embracing the change and challenges.
Embracing the Challenges
PSD2 is also an opportunity, encouraging innovation and competition. PSD2 practically removes the roadblocks that FinTech companies face when integrating with financial service providers. In fact, where banks provide standardized access to customer account information, FinTech companies that comply with the new rules can start delivering new and improved financial services using customers' existing bank accounts.
The challenge of securing this new, open exchange of information remains the same. While strong customer authentication and fraud prevention should be common practice today, data theft and fraud still occur regularly.
Over the course of 2017, mobile fraud increased by 50%, to 65% of all fraudulent transactions. Heidi Bleau, Principal Integrated Marketing Manager at RSA, recently stated that "as organizations look to roll out new services through the mobile channel, security is key. So much attention has been focused on customer experience, perhaps to the detriment of security, allowing cybercriminals to move their activity to less protected channels. With about two out of every three fraudulent transactions originating from a mobile browser or app, mobile fraud poses a very real threat."
To combat this rise in mobile fraud, PSD2 sets a legal precedent for authentication. Any parties involved in PSD2 must use strong security measures before handling customer data. This is the ideal opportunity for financial institutions and FinTech companies to implement advanced technologies, such as biometric authentication and solutions based on continuous authentication. These advanced technologies provide customers with a secure, frictionless experience that not only complies with PSD2 requirements but also reduces the risk of fraud.
Detecting and Preventing Mobile Fraud with Behavioral Biometrics
As authentication measures become more advanced, the techniques fraudsters develop become more sophisticated too. Malware such as Sonvplay uses fake notifications to trick users into signing up for services, which they are then billed for. MysteryBot, a remote access trojan (RAT), imitates the login screens for mobile banking apps, while collecting sensitive user information in the background. With mobile devices playing such a prominent role in our daily lives, better securing financial applications has become a necessity.
PSD2 presents an opportunity to implement advanced, secure authentication measures and includes a mandate for Strong Customer Authentication (SCA), which outlines the minimum elements required to authenticate a user. This creates a significant incentive for service providers to innovate and find solutions that offer strong security, while also streamlining the user experience. By partnering with FinTech companies, banks can strengthen their existing services with modern authentication systems that satisfy SCA and reduce fraud.
This is why behavioral biometrics is emerging as a leading solution for mobile fraud prevention. Fraud detection technology based on behavioral biometrics is already available, enabling customers to accurately detect sophisticated fraud that uses malware, RATs, emulators, and other threatening tools. It also gives users seamless, continuous authentication without introducing friction.
With PSD2 on the way, the digital banking transformation is in full swing. Banks face many risks, but also opportunities. To stay competitive, banks will have to come up with innovative solutions for providing secure and hassle-free services to their customers. Partnering with FinTech companies and embracing advanced authentication solutions will help banks gain a competitive advantage, reduce risk, and keep customers safe and satisfied.