Strong authentication
  • Article

Strong authentication: What changes does PSD2 mean for the banking sector?

PSD2 what is it?

PSD2, or the Payment Services Directive, is a new European directive that comes into force on September 14, 2019. It was created with the aim of improving the security of online payments and access to account information. As such, this directive imposes new obligations on banks and other payment service providers(third-party PSPs) such as account aggregators and payment initiators.

It covers 3 major topics:

  • Low-value transactions (under €30 or €50 for contactless payment);
  • Transactions considered low risk after risk analysis by the bank;
  • Regular transactions of the same amount and to the same beneficiary from the 2nd and subsequent transactions;
  • Transfers between two accounts held by the same account holder within the bank;
  • Transfers for beneficiaries on a white list of " trusted beneficiaries ".

How to choose the right complementary authentication method for customers?

Generally, the customer service or marketing department carries out a survey and establishes the personae of its various customers. By identifying their problems, banks are better able to offer each type of customer the authentication method best suited to their constraints.

Bank advisors and customer service staff therefore have a vital role to play. On the one hand, they must inform and raise awareness among customers during the migration to strong authentication, and on the other, they are the point of entry for identifying any problems with customers.

Customers are therefore gradually migrated to new strong authentication solutions, provided by their bank in advance thanks to their contact person (usually the advisor).

How does strong authentication by application?

To replace SMS authentication with mobile banking application authentication, customers will need to register their phone and link its number to their bank account.

Upon registration, the customer's smartphone will be linked to his or her bank account. The customer will then be asked to define a security code to access the online banking area.

Do you have a similar problem, or would you like to set up a strong authentication system? Contact us !

 

Article written by one of our consultants...

FAQ - STRONG AUTHENTICATION Strong authentication

Strong authentication involves verifying a user's identity using at least two criteria: something they know (password), something they possess (phone, token), or something they are (biometrics). This measure aims to secure online payments and reduce the risk of fraud.

PSD2 provides a framework for European payment services, making them more secure. The requirement for strong authentication strengthens consumer protection, improves confidence in digital transactions and helps combat bank fraud.

Organizations need to adapt their authentication paths, update their payment systems and ensure compatibility with modern banking solutions. A smooth user experience is essential to avoid a drop in conversion.

Yes, but this impact can be positive. Properly implemented, SCA doesn't make the process any more cumbersome: biometrics, push notifications or integrated tokens make the experience simpler than the old, complex passwords.

  • Low-value transactions (under €30 or €50 for contactless payment);
  • Transactions considered low risk after risk analysis by the bank;
  • Regular transactions of the same amount and to the same beneficiary from the 2nd and subsequent transactions;
  • Transfers between two accounts held by the same account holder within the bank;
  • Transfers for beneficiaries on a white list of " trusted beneficiaries ".

What are the consequences of this change?

One of the major aspects of PSD2 is the introduction of strong authentication for account consultation and electronic payment transactions.

It aims to make electronic transactions more secure by strengthening verification of the user's digital identity.

Authentication is considered strong if it results from the combination of at least two of the following three authentication factors:

  • Something you own : smartphone, SIM card, physical key, etc ;
  • Something you know : password, secret code, etc;
  • A personal characteristic: fingerprint, facial recognition, voice recognition, etc.

Customers must use a strong authentication method to make online payments, or for any other online operations involving a risk of fraud (such as changing a telephone number, for example).

This double authentication will be required to connect to the personal online banking space, and will have to be updated every 90 days.

However, there are exceptions to strong authentication, in particular for :

  • Low-value transactions (under €30 or €50 for contactless payment);
  • Transactions considered low risk after risk analysis by the bank;
  • Regular transactions of the same amount and to the same beneficiary from the 2nd and subsequent transactions;
  • Transfers between two accounts held by the same account holder within the bank;
  • Transfers for beneficiaries on a white list of " trusted beneficiaries ".

How to choose the right complementary authentication method for customers?

Generally, the customer service or marketing department carries out a survey and establishes the personae of its various customers. By identifying their problems, banks are better able to offer each type of customer the authentication method best suited to their constraints.

Bank advisors and customer service staff therefore have a vital role to play. On the one hand, they must inform and raise awareness among customers during the migration to strong authentication, and on the other, they are the point of entry for identifying any problems with customers.

Customers are therefore gradually migrated to new strong authentication solutions, provided by their bank in advance thanks to their contact person (usually the advisor).

How does strong authentication by application?

To replace SMS authentication with mobile banking application authentication, customers will need to register their phone and link its number to their bank account.

Upon registration, the customer's smartphone will be linked to his or her bank account. The customer will then be asked to define a security code to access the online banking area.

Do you have a similar problem, or would you like to set up a strong authentication system? Contact us !

 

Article written by one of our consultants...

FAQ - STRONG AUTHENTICATION Strong authentication

Strong authentication involves verifying a user's identity using at least two criteria: something they know (password), something they possess (phone, token), or something they are (biometrics). This measure aims to secure online payments and reduce the risk of fraud.

PSD2 provides a framework for European payment services, making them more secure. The requirement for strong authentication strengthens consumer protection, improves confidence in digital transactions and helps combat bank fraud.

Organizations need to adapt their authentication paths, update their payment systems and ensure compatibility with modern banking solutions. A smooth user experience is essential to avoid a drop in conversion.

Yes, but this impact can be positive. Properly implemented, SCA doesn't make the process any more cumbersome: biometrics, push notifications or integrated tokens make the experience simpler than the old, complex passwords.

What is strong authentication?

One of the major aspects of PSD2 is the introduction of strong authentication for account consultation and electronic payment transactions.

It aims to make electronic transactions more secure by strengthening verification of the user's digital identity.

Authentication is considered strong if it results from the combination of at least two of the following three authentication factors:

Customers must use a strong authentication method to make online payments, or for any other online operations involving a risk of fraud (such as changing a telephone number, for example).

This double authentication will be required to connect to the personal online banking space, and will have to be updated every 90 days.

However, there are exceptions to strong authentication, in particular for :

What are the consequences of this change?

One of the major aspects of PSD2 is the introduction of strong authentication for account consultation and electronic payment transactions.

It aims to make electronic transactions more secure by strengthening verification of the user's digital identity.

Authentication is considered strong if it results from the combination of at least two of the following three authentication factors:

Customers must use a strong authentication method to make online payments, or for any other online operations involving a risk of fraud (such as changing a telephone number, for example).

This double authentication will be required to connect to the personal online banking space, and will have to be updated every 90 days.

However, there are exceptions to strong authentication, in particular for :

How to choose the right complementary authentication method for customers?

Generally, the customer service or marketing department carries out a survey and establishes the personae of its various customers. By identifying their problems, banks are better able to offer each type of customer the authentication method best suited to their constraints.

Bank advisors and customer service staff therefore have a vital role to play. On the one hand, they must inform and raise awareness among customers during the migration to strong authentication, and on the other, they are the point of entry for identifying any problems with customers.

Customers are therefore gradually migrated to new strong authentication solutions, provided by their bank in advance thanks to their contact person (usually the advisor).

How does strong authentication by application?

To replace SMS authentication with mobile banking application authentication, customers will need to register their phone and link its number to their bank account.

Upon registration, the customer's smartphone will be linked to his or her bank account. The customer will then be asked to define a security code to access the online banking area.

Do you have a similar problem, or would you like to set up a strong authentication system? Contact us !

 

Article written by one of our consultants...

FAQ - STRONG AUTHENTICATION Strong authentication

Strong authentication involves verifying a user's identity using at least two criteria: something they know (password), something they possess (phone, token), or something they are (biometrics). This measure aims to secure online payments and reduce the risk of fraud.

PSD2 provides a framework for European payment services, making them more secure. The requirement for strong authentication strengthens consumer protection, improves confidence in digital transactions and helps combat bank fraud.

Organizations need to adapt their authentication paths, update their payment systems and ensure compatibility with modern banking solutions. A smooth user experience is essential to avoid a drop in conversion.

Yes, but this impact can be positive. Properly implemented, SCA doesn't make the process any more cumbersome: biometrics, push notifications or integrated tokens make the experience simpler than the old, complex passwords.

Share this article

Share this article

Contents

Read also
Product roadmap: mistakes to avoid to stay on track
It’s always Day 1. Day 2 is stagnation. Followed by irrelevance. Followed by...
Read the article
QA as a lever for customer satisfaction and collaboration
Software quality is often perceived as a constraint. In many...
Read the article
Green Coding: best practices for reducing the carbon footprint of code
Digital technology plays a central role in modern society: it underpins the economy,...
Read the article
Product roadmap: mistakes to avoid to stay on track
It’s always Day 1. Day 2 is stagnation. Followed by irrelevance. Followed by...
Read the article
QA as a lever for customer satisfaction and collaboration
Software quality is often perceived as a constraint. In many...
Read the article
Green Coding: best practices for reducing the carbon footprint of code
Digital technology plays a central role in modern society: it underpins the economy,...
Read the article
I have a project
I want to apply