The countdown to PSD2 SCA, and why the floor is open for innovation

tl;dr: psd2 brings opportunity, not just rules | tech & fintech collaborations can expedite solutions for fraud prevention, onboarding and data insights | we're delighted to be powering the 'inherence' factor of the MYPINPAD authenticator platform | one solution, three factors for SCA

With just six months to go until the regulatory deadline for PSD2, the dual aspects of stronger customer authentication and the sharing of payments data via open APIs are dominating not just Payments and Compliance functions, but Product and Customer Experience teams alike.

“PSD2 enables problem solving to be expedited in areas such as data analytics, customer onboarding and fraud prevention, faster than ever before.”

PSD2 brings with it not just the objective of providing greater consumer choice and reducing monopolistic strongholds, but also creating a more innovative, collaborative platform upon which to build powerful new propositions. And despite early security concerns around the usage of open APIs, the new open banking architecture is enabling the rapid pairing of tech / fintech companies with financial services organisations and established payment services providers; even bringing together multiple tech / fintechs to create even stronger propositions.

This means that problem solving can be expedited in areas such as data analytics, customer onboarding and fraud prevention, and financial firms can trial integrations and go to production faster than ever before.

Not just another tickbox, but an opportunity

Regulations, as a rule, have come into effect as a way to avoid situations repeating themselves; greater transparency, mitigation against corporate fraud or money laundering, risk balancing and so on. However, rather than ringfencing and quashing activity, PSD2 is genuinely providing the framework to enable a whole wave of new and improved consumer-facing financial services. As published by Aite just yesterday, “the directive’s requirements for strong customer authentication may affect online merchants by increasing friction in the payment process. But PSD2 also dictates that banks have to provide third-party access to their customers’ accounts. If this access allows merchants and their providers to develop new payment models, could PSD2 also represent an opportunity?”

Stronger partnership = stronger customer authentication

AimBrain is delighted to be part of one such fintech & tech collaboration, as announced this morning. Today, six months ahead of the PSD2 deadline, we have announced that MYPINPAD is integrating AimFace, our facial authentication technology into its authenticator platform, for a fast, secure and PSD2-compliant authentication solution.

The MYPINPAD authenticator platform provides a secure enclave for FIs to design and implement mobile payment applications in a PSD2-compliant way. The result is a user authentication that complies to PSD2’s Strong Customer Authentication (SCA) directive, which dictates that at least two factors from Knowledge, Possession and Inherence be used to authenticate a user.

Device + PIN + Biometrics in a single solution

MYPINPAD now provides a single, secure way in which to offer all three factors of authentication; the phone (possession), PIN entry (knowledge) and facial authentication (inherence). To authenticate a user, both the facial authentication and the PIN are required; the two are linked, so that neither works in isolation. This protects against breached credentials (where a PIN is stolen) and presentation or spoofing attacks (where an attacker tries to use images or videos of a customer) for a PSD2-ready SCA solution. This provides greater protection to both institutions and consumers, against fraud originating from breached credentials, account takeover and OTP interception, yet the introduction of a device-based biometric challenge is as simple a concept as Apple/Google Pay.

“The PIN and biometric are linked, so that neither works in isolation. The result is superior protection against breached credentials and presentation or spoofing attacks, for a PSD2-ready strong customer authentication solution.”

Exciting times ahead

It is an extremely exciting time to be in fintech, where solutions can be knit together quickly and brought to sandbox environments that allow organisations to test, trial and go straight to production, faster than ever before. We’re extremely proud to be part of the fintech revolution, and working with forward-thinking organisations like MYPINPAD as they design solutions that help entire sectors surmount the ongoing regulatory challenges, is a great place to be.

Want to discuss authentication in the face of evolving fraud? Drop me a line and I’ll be happy to discuss further.

Share on linkedin
Share on twitter
Share on facebook
AimBrain - Simply Smarter Authentication