David Orme, Senior Vice President at IDEX Biometrics ASA
In August 2019, the Financial Conduct Authority (FCA) announced an 18-month delay to the enforcement of the new Strong Customer Authentication (SCA) rulings under the second Payment Service Directive (PSD2). The rulings were originally introduced to enhance the security of payments and limit fraud during the customer authentication process for online and in-person contactless payments.
Online, or card-not-present (CNP) transactions, and contactless payments are two of the main routes to card fraud. Because of the lack of a PIN or authentication method, these forms of payment present a specific challenge for retailers to verify the actual cardholder and validate their payment effectively. The introduction of SCA aims to reduce high levels of online and payment fraud caused by this process, all while enhancing consumer rights.
For merchants in the European Economic Area, the SCA ruling means they must now require two methods of authentication for CNP transactions. This means when a retailer takes a payment without the card being physically present, such as for an eCommerce transaction. When the directive is enforced in March 2021, two of the below three authentication methods must be used to confirm a CNP transaction:
- Something you know – such as a PIN or password
- Something you have – possession of the card or a bank-issued card reader and one-time PIN
- Something you are – biometric data
The additional authentication process also applies for some contactless payments, with shoppers having to enter a PIN for every fifth transaction, or after a certain spending limit has been reached, currently considered to be £100.
Why the delay?
The SCA ruling will affect the whole payment market, including card issuers, payment providers, online retailers, in-store merchants and consumers. However, the European Banking Authority (EBA) this summer noted a significant lack of preparedness for the regulation among the payments industry and retailers, which is likely to have a significant impact on consumers.
The extension to the deadline is intended to give the industry time to prepare for the roll out of the directive. To address the industry’s lack of readiness, the FCA has created an 18-month plan which provides support and steps those within the payment ecosystem need to adopt to implement SCA.
Discussing the introduction of SCA, Jonathan Davidson, Executive Director for Supervision, covering Retail and Authorisations at the FCA, has said, “The FCA has been working with the industry to put in place stronger means of ensuring that anyone seeking to make payments is not a fraudster. While these measures will reduce fraud, we want to make sure that they won’t cause material disruption to consumers themselves; so we have agreed a phased plan for their timely introduction.”
The preparation timetable
So, given their lack of preparation, how does the payment market get ready for the roll-out of the ruling between now and the new deadline of March 2021?
The suggested industry solution is to use a one-time passcode (a possession factor) plus another factor (with knowledge, such as PINs only as fallback). According to the FCA, while the industry is still implementing this approach, the most important step is to start clear communication with consumers now. Retailers and banks should already be open and transparent with customers to minimise the risk of unexpected disruption to payments.
To provide this level of communication, retailers and suppliers need to educate themselves regarding the issues and requirements needed to ensure they are SCA compliant. The so-called ‘learning period for implementation’ runs up to March 2020, by which time the financial authority expect retailers to understand the regulatory requirements and have begun to take steps towards technological readiness.
By this point, merchants should be actively testing to ensure their solution will work correctly by the following year. Then by March 2021, the FCA expect to see operational readiness and a solid ‘issuer behavioural solution’ from all retailers and financial institutions, to meet the regulation deadline.
Biometrics: the long-term solution to secure payment authentication
While one-time passcodes are considered the interim solution, the FCA also outline that long-term, authentication through biometrics and mobile app-based solutions is the future of secure payments. Adopting biometric payment cards or using fingerprint readers on smartphones to authenticate online payments offers an important way for retailers to balance security measures that comply with the SCA regulation with ease-of use for the consumer.
Following smart fingerprint biometric payment cards, the user registers their fingerprint on the card at home through a portable enrolment device. Once the reference fingerprint is recorded, it never leaves the card so data cannot be hacked. The biometric bank card can then be used with existing payment infrastructures — including eCommerce, chip and PIN and contactless card readers — in the usual way. The sensor is placed in such a position to make it easy for the consumer to simply hold and tap their card with their thumb or finger over the sensor, meaning that even post-SCA contactless payments can continue quickly and easily, without PINs or payment limits.
For online payments, biometric payment cards offer further possibilities to strengthen the security and SCA compliance for e-commerce retailers. The addition of a digital dynamic Card Verification Value (CVV) number on the front of the card would present a new code whenever the card owner’s fingerprint is presented on the card. This means that the traditional payment card would be transformed and consumers would be protected against both the theft of static card numbers for fraudulent online transactions and physical card theft.
The implementation of biometric fingerprint payment cards across the payments market would ensure that card issuers, payment providers, online retailers, in-store merchants can all meet the SCA requirements for online and contactless transactions.
Therefore, fingerprint biometric smart cards are a way of putting payment security firmly in the hands of the consumer in line with the SCA requirements. As the payment ecosystem works to meet these guidelines it should look towards this biometric innovation to provide secure authentication with the convenience that consumers expect and demand.
Fail to prepare, prepare to fail
During the delay, it is the responsibility of the payment ecosystem to ensure they understand the new regulations and implement methods to protect consumers from fraud. Security measures must be put in place to comply with the SCA requirements sooner, rather than later.
If the payment ecosystem fails to prepare, or comply with this new ruling, it will open consumers up to a significant threat of card fraud, whether from shopping online, or in store. Therefore it is imperative that card issuers, payment providers, online retailers and in-store merchants act now to prepare for the new regulation. Biometric fingerprint payment cards offer an opportunity for banks, retailers and merchants to embrace payment innovation that will help them meet these new secure forms of authentication with confidence and ease.
CAN TECHNICAL INNOVATION HELP FINANCIAL SERVICES FIGHT BACK AGAINST FINANCIAL CRIME?
By Charlie Roberts, Head of Business Development, UK, Ireland & EU at IDnow
It’s no secret that the financial services sector is a top target among cyber criminals. In fact, according to a report from IBM, it retained its top spot as the most targeted sector in 2019.
The consequences of falling victim to an attack can be severe too. It can lead to financial losses and reputational damage as well as loss of customer confidence and therefore sales. One UK financial services firm, for example, was hit by a total loss of $87.9 million.
So, if we consider that the coronavirus crisis continues to drive increased online consumer activity, should financial services be more concerned? Simply put, yes.
We are seeing a significant increase in organisations taking their business online to reach their customers. Banks, for example, in adapting to COVID-19, are offering customers a more convenient way of opening an account given branch visiting restrictions. But while these services offer more choice and ease for customers, it also means that new account fraud is opening up and is becoming a major challenge for organisations to overcome.
Some cyber criminals are even trying to exploit the pandemic as an opportunity for financial crime by posing as trusted organisations like banks and even the World Health Organisation. According to Action Fraud, over £6.2 million has reportedly been lost by UK citizens to coronavirus-related scams. And this figure continues to rise week by week.
The role of innovation
The rise in financial crime shows just how much the financial services sector is in need of technological innovation. We’ve already seen great progress. About half of financial services and insurance firms globally already use Artificial Intelligence (AI), according to Forrester.
It has many use cases too. In a recent report published by The Alan Turing Institute, AI is largely being used for fraud detection and compliance. AI is beneficial because its algorithms can analyse millions of data points to detect fraudulent transactions which could otherwise go unnoticed by humans. What’s more, these AI-driven fraud detection systems can now actively learn and calibrate in response to new potential (or real) security threats.
The report also details some of the ways that financial services companies are exploring AI-based fraud prevention alternatives. It includes the use of AI to increase approvals for genuine transactions and the use of real-time and high volume data to help protect schemes, financial institutions and their customers from fraud and financial crime.
It’s perhaps no wonder that, outside of the technology sector, the financial services industry is the biggest spender on AI services according to The Bank of the Future report from Citi. But there is still some way to go in using technology to combat financial crime.
The identity verification era
Arguably, identity verification is one of the most important processes that technology can help transform – especially as the current crisis continues to drive increased online customer behaviour. In fact, AI and video based identity verification software can provide financial services organisations with a fast, seamless and secure onboarding process that increases conversion rates and customer satisfaction while providing the highest level of security.
Demand for this software in the UK’s financial services sector has already more than doubled since the start of the year, as growth in scams linked to COVID-19 continue to rise.
It’s this technology that will become critical in validating a person’s identity quickly and confidently while limiting the increased risk of fraud for both businesses and consumers.
IDnow’s AutoIdent is one software solution that has this year been experiencing high demand from the financial services industry. Its AI technology can use the camera on a customer’s smartphone to recognise the country and type of ID document without the need for user input. The technology then captures the machine-readable part of the ID document as well as non-machine-readable areas, such as address fields, before automatically checking the optical security features of the ID documents, such as holograms.
With the subsequent biometric video check of the person and “liveness detection”, the identification process is completed for the customer within just a few steps. The system can then decide if the identification is valid, with a reliability that meets compliance requirements.
The threat of financial crime is not going away any time soon and so there is no better way than to fight back with innovation. With the right technology investment, such as in AI identity products, the sector will be in a stronger position to support businesses who have a duty of care to protect their customers from risk of fraud while ensuring they remain resilient during this pandemic.
COULD COVID-19 BE THE CATALYST FOR DIGITAL TRANSFORMATION IN FINANCE?
By Simon Bull, Sales Operations & Business Development Manager at Aqilla
We are all now living in a new ‘normal’ where working from home is no longer a luxurious ‘perk’ of the job, but an essential. In the case of many organisations, the transition to flexible, remote working was successful, albeit slightly bumpy. But there is one department that has found it more challenging to transition to the required standards of remote working – the finance department.
The finance department often gets left behind when it comes to digital transformation largely because it is so heavily regulated. And because of this, one of the biggest problems the finance teams face is that it’s sensitive data will likely be stored on a hardware server on office premises. If you look at how organisations update their software as they grow, it’s usually the finance department lagging far behind, or sometimes forgotten about altogether. This is because finance has complex requirements that can lead to the attitude of: if it ain’t broke, why fix it?
Up until now, most finance teams have overcome the challenges this situation presents, but with the repercussions of the pandemic still very much in play, the complications that go hand-in-hand with on-premise technology have been more noticeable than usual. As a result, COVID-19 is becoming a catalyst for a digital transformation in finance, or more specifically moving finance and accounting software away from traditional on-premise solutions to built-for-cloud services. But what are the advantages of this approach, and what should finance teams be looking for in a built-for-cloud solution?
Cost: The Software-as-a-Service (SaaS) approach that is the basis of many of today’s cloud computing businesses generally offers customers a convenient monthly pay-as-you-go model. Given that all that users need to access the software is a desktop, laptop or smart device and internet connectivity, they can also save money on the server hardware that has previously sat in the corner of the office. Hint: compare pricing from several potential providers to make sure there are no unexpected extras before signing up.
- Service: Good cloud-based providers offer extremely strong levels of customer support and service. It should be very easy to get help quickly and conveniently, and they should be in a position to offer advice, identify problems and fix errors without undue delay. Hint: ask for references from existing customers or look for online reviews to assess their service and support capabilities. Also, carefully check their Service Level Agreement (SLA) to clearly understand where their commitments begin and end.
- Security: Established cloud providers offer high levels of security, data protection and backup services as part of their ‘as-a-Service’ package. Customers benefit from the protection afforded by security specialists whose job it is to prevent breaches and keep data completely secure. Hint: Check their security policies and consider talking to existing customers about their security track record.
- Compliance: Cloud providers specialising in the finance industry should have compliance at the heart of their product set. Hint: Check with potential providers about their levels of compliance and certification, particularly if you have specialised requirements.
- Ease of use: today’s built-for-cloud software services are built for purpose, with many offering a high degree of bespoke capabilities so every user can tailor it to their precise needs. This is in contrast to traditional software packages that can be far less flexible, forcing the user to work in a particular way that might not be ideal. Hint: ask potential providers for an online demonstration to check the way the services work meet your needs.
- Performance: In the early days of cloud computing, finance software was too basic for many professionals to consider. Today, there are many entry-level services, while others offer a comprehensive range of capabilities to precisely fit the needs of professional finance departments. Hint: evaluate the range of capabilities offered by a cloud provider, which should include areas such as: extensive analysis, proper periodic management and business calendars, multi-currency, multilingual and multi-company operation, full VAT handling International coding, tax and language flexibility, automatic reconciliation / bank integration, built-in key performance measurement, advanced search, selection and drill-down, document and image scanning. Hint: compare the features of different providers in advance – if anything important is missing, look elsewhere.
- Regular updates: Software developers find it much easier to update and improve their services when they are delivered online, and can more effectively keep up with finance best practice and changes to rules and regulations. Many also encourage users to suggest improvements or new features which are then provided to customers at no extra cost. Hint: ask providers about how often they update their software and whether you can suggest improvements.
For many businesses, these are compelling reasons to adopt cloud-based finance software services, even in normal circumstances. But considered in the context of the current remote working environment, built-for-cloud finance software can help departments to adapt and capitalise on working from home and match the levels of digital transformation seen across many other key business functions.
NO SAFE HARBOUR FOR DIGITAL BANKING
by Konstantin Bodragin, Business Analyst and Digital Marketing Officer at Bruc Bond At the beginning of 2020, the future...
CAN TECHNICAL INNOVATION HELP FINANCIAL SERVICES FIGHT BACK AGAINST FINANCIAL CRIME?
By Charlie Roberts, Head of Business Development, UK, Ireland & EU at IDnow It’s no secret that the financial...
ARE MIDDLE EAST ENTERPRISES PREPARED FOR THE FUTURE?
Deloitte releases 2020 tech trends report Deloitte’s 11th annual report on technology trends captures the intersection of digital technologies, human...
ONLINE STOCK BROKERS ARE BENEFITING IN 2020
2020 has changed our lives in dramatic ways. Thanks to COVID-19, many of us now work from home. Rather than...
COULD COVID-19 BE THE CATALYST FOR DIGITAL TRANSFORMATION IN FINANCE?
By Simon Bull, Sales Operations & Business Development Manager at Aqilla We are all now living in a new...
WHY OPEN BANKING SHOULD BE EVERY MARKETER’S BEST FRIEND
By Kathryn Wright, CSO, Upside To date, Open Banking has been mainly utilised to help consumers with account switching...
TOP TECHNOLOGY TRENDS FINANCIAL INSTITUTIONS SHOULD INVEST IN TO BRIDGE THE GAP IN REMOTE WORK
Chirag Shah, Senior Vice President, Fintech & Innovation Lead, Publicis Sapient More than ever before, technology is critical to...
TOP 5 LINKEDIN PROFILE OPTIMIZATION HACKS FOR ASPIRING BANKERS
According to Firmex, finance professionals cannot afford to be not on LinkedIn. A significant number of organizations acquire talent in...
TAPPING INTO THE DATA GOLDMINE: THE FUTURE OF DATA-DRIVEN CREDIT MANAGEMENT
Willand Brienen, product owner at Onguard Data, and the insights it reveals, can offer organisations a vast number of...
ENLISTING TECHNOLOGY TO HELP FIGHT FINANCIAL CRIME
By Rachel Woolley, Director of Financial Crime Fenergo Million-dollar properties, private jets and parties on luxury yachts with celebrity...
TRANSFORMATION IS NON-NEGOTIABLE FOR BANKS LOOKING TO DELIVER VALUE IN A POST-PANDEMIC WORLD
Andrew Warren, Head of Banking & Financial Services, UK&I, Cognizant In addition to responding to changing customer expectations, higher...
HOW MILLENNIALS CAN GET AHEAD WITH THEIR MONEY
Granville Turner, Director at company formation specialists, Turner Little. Millennials are often painted as globe-trotting creatures that spend more...
STOPPING THE CHARGEBACKLASH
By Gabe McGloin, Head of Intl. Merchant Sales @ Verifi Brands have been encouraging consumers to move their shopping...
CONSUMERS ARE READY FOR BIOMETRIC PAYMENT CARDS
Lina Andolf-Orup, Head of Marketing at Fingerprints We’ve come a long way in the evolution of digital payments. Magnetic...
WHY IT PAYS TO MAKE CYBER SECURITY PART OF THE M&A DUE DILIGENCE PROCESS
Anurag Kahol, CTO at Bitglass Mergers and acquisitions (M&As) enable business leaders to adapt fast to new opportunities. Whether...
GOING FOR INVESTMENT IN CENTRAL EUROPE: START-UP LIFE OUTSIDE A TRADITIONAL TECH HUB
A Q&A with Bence Jendruszak, Co-founder and COO at SEON At what stage did you realise you were going...
CLOUD ALLOWS BANKS TO BASK IN CHANGE
by: Elliott Limb, Chief Customer Officer at Mambu As a new era of banking takes off, the cloud is...
COVID-19 WILL DRIVE FINTECH ADOPTION – BUT AT WHAT COST?
By Ian Bradbury, CTO – Financial Services at Fujitsu UK Even before the impact of Covid-19, the financial services...
HOW TECHNOLOGY IS POSITIVELY IMPACTING COMPLIANCE AND HOW IT IS HELPING TO STREAMLINE PROCESSING TIME AND COST FOR FIRMS
By Joe Woodbury, Director – Investment Management Solutions at Lawson Conner (part of IQ-EQ) Private Equity & Real Estate...
TECHCOMBANK AND COMPASS PLUS CELEBRATE 15 YEAR MILESTONE IN BANKING PARTNERSHIP
Since issuing the first Visa card 15 years ago using solutions provided by trusted partner Compass Plus, Techcombank, one of...