The Financial Conduct Authority has now begun to enforce ‘Strong Customer Authentication’ rules, a key aspect of PSD2 regulations.
The introduction of new Strong Customer Authentication regulation aims to reduce fraud and improve security for customers. Under the regulation, European banks are required to offer customers three layers of authentication such as PIN code or a password, biometrics such as a fingerprint, and a physical device such as a phone when customers make online payments over €30 in Europe.
It was meant to be introduced in September 2019, but was pushed back to give banks time to prepare. They will now have to be fully compliant from the 14th.
Will Strong Customer Authentication compromise convenience?
However, although the regulation is designed to protect customers against the growing issue of financial fraud, others fear it could come at the cost of customer experience and convenience.
Rene Hendrikse, VP EMEA at Mitek said:
“The convenience of open banking has a dark side: fraud is on the rise. Criminals stole 40% more in the first half of 2019 than 2018 through bank transfer scams, while fraud losses on cards totalled £313 million. Strong Customer Authentication (SCA), coming into force this weekend, has forced banks to introduce new ways to fight fraud – from more complex logins for online and mobile banking, to regular identity checks. This all provides a greater safety layer against online fraud.
“SCA means every customer will be authenticated by at least two of something they are, something they have, and something only they know. What you are could be your fingerprint, or a selfie – something that biometrically identifies you as you. Something you have could be a credit card, card reader or an ID document. Something you know could be your PIN, a security question, or a One Time Passcode (OTP) by SMS. The combination of two, with every transaction, makes fraudsters’ jobs much harder.
However, he believes that the regulation may introduce additional hurdles for customers:
“For banks, verifying that a customer is who they say they are with every high-risk transaction will be transformative. As often with regulatory change, technology is the obvious choice to ease the burden of compliance. Crucial to success is being proactive and investing in the technologies that really fight fraud.
“We know that customers expect stronger security layers when banking and making online purchases. They are also more willing to share their digital identity information with banks than any other institution – even the government. For these customers, the new regulation is welcome. For others, the new hurdles may be seen as more of a nuisance than as a vital anti-fraud measure. They want a quick and simple experience, which is possible with SCA – having every part of the authentication process happen within one app is key.
“While the time for banks to make this investment is almost up, retailers and card and payments providers still have until March 2021 to make it happen. Banks must keep consumers’ needs top of mind to get them on board. Only then can we stop fraud in its tracks.”