I have a project
I want to apply
Strong authentication

Strong authentication: What changes does PSD2 mean for the banking sector?

PSD2 what is it?

PSD2, or the Payment Services Directive, is a new European directive that comes into force on September 14, 2019. It was created with the aim of improving the security of online payments and access to account information. As such, this directive imposes new obligations on banks and other payment service providers(third-party PSPs) such as account aggregators and payment initiators.

It covers 3 major topics:

  • Low-value transactions (under €30 or €50 for contactless payment);
  • Transactions considered low risk after risk analysis by the bank;
  • Regular transactions of the same amount and to the same beneficiary from the 2nd and subsequent transactions;
  • Transfers between two accounts held by the same account holder within the bank;
  • Transfers for beneficiaries on a white list of " trusted beneficiaries ".

How to choose the right complementary authentication method for customers?

Generally, the customer service or marketing department carries out a survey and establishes the personae of its various customers. By identifying their problems, banks are better able to offer each type of customer the authentication method best suited to their constraints.

Bank advisors and customer service staff therefore have a vital role to play. On the one hand, they must inform and raise awareness among customers during the migration to strong authentication, and on the other, they are the point of entry for identifying any problems with customers.

Customers are therefore gradually migrated to new strong authentication solutions, provided by their bank in advance thanks to their contact person (usually the advisor).

How does strong authentication by application?

To replace SMS authentication with mobile banking application authentication, customers will need to register their phone and link its number to their bank account.

Upon registration, the customer's smartphone will be linked to his or her bank account. The customer will then be asked to define a security code to access the online banking area.

Do you have a similar problem, or would you like to set up a strong authentication system? Contact us !

 

Article written by one of our consultants.

  • Low-value transactions (under €30 or €50 for contactless payment);
  • Transactions considered low risk after risk analysis by the bank;
  • Regular transactions of the same amount and to the same beneficiary from the 2nd and subsequent transactions;
  • Transfers between two accounts held by the same account holder within the bank;
  • Transfers for beneficiaries on a white list of " trusted beneficiaries ".

What are the consequences of this change?

One of the major aspects of PSD2 is the introduction of strong authentication for account consultation and electronic payment transactions.

It aims to make electronic transactions more secure by strengthening verification of the user's digital identity.

Authentication is considered strong if it results from the combination of at least two of the following three authentication factors:

  • Something you own : smartphone, SIM card, physical key, etc ;
  • Something you know : password, secret code, etc;
  • A personal characteristic: fingerprint, facial recognition, voice recognition, etc.

Customers must use a strong authentication method to make online payments, or for any other online operations involving a risk of fraud (such as changing a telephone number, for example).

This double authentication will be required to connect to the personal online banking space, and will have to be updated every 90 days.

However, there are exceptions to strong authentication, in particular for :

  • Low-value transactions (under €30 or €50 for contactless payment);
  • Transactions considered low risk after risk analysis by the bank;
  • Regular transactions of the same amount and to the same beneficiary from the 2nd and subsequent transactions;
  • Transfers between two accounts held by the same account holder within the bank;
  • Transfers for beneficiaries on a white list of " trusted beneficiaries ".

How to choose the right complementary authentication method for customers?

Generally, the customer service or marketing department carries out a survey and establishes the personae of its various customers. By identifying their problems, banks are better able to offer each type of customer the authentication method best suited to their constraints.

Bank advisors and customer service staff therefore have a vital role to play. On the one hand, they must inform and raise awareness among customers during the migration to strong authentication, and on the other, they are the point of entry for identifying any problems with customers.

Customers are therefore gradually migrated to new strong authentication solutions, provided by their bank in advance thanks to their contact person (usually the advisor).

How does strong authentication by application?

To replace SMS authentication with mobile banking application authentication, customers will need to register their phone and link its number to their bank account.

Upon registration, the customer's smartphone will be linked to his or her bank account. The customer will then be asked to define a security code to access the online banking area.

Do you have a similar problem, or would you like to set up a strong authentication system? Contact us !

 

Article written by one of our consultants.

What is strong authentication?

One of the major aspects of PSD2 is the introduction of strong authentication for account consultation and electronic payment transactions.

It aims to make electronic transactions more secure by strengthening verification of the user's digital identity.

Authentication is considered strong if it results from the combination of at least two of the following three authentication factors:

Customers must use a strong authentication method to make online payments, or for any other online operations involving a risk of fraud (such as changing a telephone number, for example).

This double authentication will be required to connect to the personal online banking space, and will have to be updated every 90 days.

However, there are exceptions to strong authentication, in particular for :

What are the consequences of this change?

One of the major aspects of PSD2 is the introduction of strong authentication for account consultation and electronic payment transactions.

It aims to make electronic transactions more secure by strengthening verification of the user's digital identity.

Authentication is considered strong if it results from the combination of at least two of the following three authentication factors:

Customers must use a strong authentication method to make online payments, or for any other online operations involving a risk of fraud (such as changing a telephone number, for example).

This double authentication will be required to connect to the personal online banking space, and will have to be updated every 90 days.

However, there are exceptions to strong authentication, in particular for :

How to choose the right complementary authentication method for customers?

Generally, the customer service or marketing department carries out a survey and establishes the personae of its various customers. By identifying their problems, banks are better able to offer each type of customer the authentication method best suited to their constraints.

Bank advisors and customer service staff therefore have a vital role to play. On the one hand, they must inform and raise awareness among customers during the migration to strong authentication, and on the other, they are the point of entry for identifying any problems with customers.

Customers are therefore gradually migrated to new strong authentication solutions, provided by their bank in advance thanks to their contact person (usually the advisor).

How does strong authentication by application?

To replace SMS authentication with mobile banking application authentication, customers will need to register their phone and link its number to their bank account.

Upon registration, the customer's smartphone will be linked to his or her bank account. The customer will then be asked to define a security code to access the online banking area.

Do you have a similar problem, or would you like to set up a strong authentication system? Contact us !

 

Article written by one of our consultants.

Share this article

Share this article

Contents

Read also
The impact of AI on the Developer profession
This article was written by Manon, a Python developer at our Python agency.
Read the article
Notions of digital ecology
Understanding the ecological impact of digital technology Just as in quantum physics,...
Read the article
Code 418: April Fool's Day in web programming 
HTTP codes HTTP codes describe a standardized state in communication...
Read the article
The impact of AI on the Developer profession
This article was written by Manon, a Python developer at our Python agency.
Read the article
Notions of digital ecology
Understanding the ecological impact of digital technology Just as in quantum physics,...
Read the article
Code 418: April Fool's Day in web programming 
HTTP codes HTTP codes describe a standardized state in communication...
Read the article

Data & privacy

Privacy policy

Exercise your rights

Legal Notice

About us

Join us

Contact us

Site map

 

Locations

Paris

12 rue de la Bourse
75002 Paris

Toulouse

8 Grande rue de Nazareth
31000 Toulouse

Bordeaux

Coworking W'iN Mériadeck
61 rue du Château d'eau
33000 Bordeaux

I have a project
I want to apply