One thing that does not change is the expectation of changes to come.
European Banking Authority has released Payment Services Directive 2. It is an adaptation of the law to the current horizon of security threats to the customers in Europe. As of 13 January 2018 it replaces the directive 2007/64/EC. It will affect all of the citizens of the European Economic Area.
Payment Services Directive 2 will be enforced since 14 September 2019. The new push towards the security of customers gets mandatory on that date. There are trendsetting organisations that prepare to be compliant with the directive before the deadline.
From our perspective, there are two goals of PSD2. Open the financial industry for interaction by opening the API’s. The other one is more important for us. Security of customers and their transactions will require Strong Customer Authentication (SCA) to minimise the number of frauds.
Strong Customer Authentication is a new term that refers to the authentication of payments. That means there are new rules for all financial institutions that accept payments. Below we present three classic elements of authentication.
Biometrical traits such as
The most used method for authentication payments in Europe is by SMS code. According to PSD2, using text messages does not meet the requirements of Article 5 point 2 of PSD2 standard. Text messages provide neither integrity nor confidentiality of information that was sent to it with. There are multiple attacks such as SS7 or OpenBTS attacks that might further impact the security of the solution.
Behavioural Biometrics is considered compliant with SCA requirement. On the EBA website we can read
” Vendors of biometric solutions represent recognition rates between 96 % up to 99 % which are excellent results and that justifies behavioral biometrics as a second factor to ensure strong customer authentication. Since behavior based characteristics are device independent, it ensures that the PSU is always protected regardless of the environment. ”
Digital Fingerprints is happy to meet the requirements and be the invisible factor of authentication.
Your human computer interaction
Result in the score that reflects certainty that it is you that use the credentials.
Digital Fingerprints S.A. ul. Żeliwna 38, 40-599 Katowice. KRS: 0000543443, Sąd Rejonowy Katowice-Wschód, VIII Wydział Gospodarczy, Kapitał zakładowy: 1 128 828,76 zł – opłacony w całości, NIP: 525-260-93-29
Biuro Informacji Kredytowej S.A., ul. Zygmunta Modzelewskiego 77a, 02-679 Warszawa. Numer KRS: 0000110015, Sąd Rejonowy m.st. Warszawy, XIII Wydział Gospodarczy, kapitał zakładowy 15.550.000 zł opłacony w całości, NIP: 951-177-86-33, REGON: 012845863.
Biuro Informacji Gospodarczej InfoMonitor S.A., ul. Zygmunta Modzelewskiego 77a, 02-679 Warszawa. Numer KRS: 0000201192, Sąd Rejonowy m.st. Warszawy, XIII Wydział Gospodarczy, kapitał zakładowy 7.105.000 zł opłacony w całości, NIP: 526-274-43-07, REGON: 015625240.