Connect with us

Finance

ARE YOU READY FOR SCA?

Published

on

Adrian Jones, CEO at Swivel Secure

 

Whether it’s through a bank’s website or mobile application, consumers can check their balance, pay bills and have instant access to their money 24/7. This convenience has caused NetBanking to boom. Since 2008 we’ve seen the percentage of people in the UK using online banking nearly double – from 35% in 2008 to 69% in 2018.

But the rapid adoption has outgrown policy, leading to a lack of standard cybersecurity regulations in NetBanking, with a huge opportunity for fraudsters. According to UK Finance, 76% of fraud losses in 2018 were gained through remote purchase payments. Therefore, it’s critical that the growing issue of cybercrime in NetBanking is addressed – something which the European Union Payment Services Directive (PSD2) partly aims to do.

 

Adrian Jones

What is PSD2 and SCA?  

Launched in January 2018, PSD2 is a set of regulations for payment services and providers in the European Union and European Economic Area. It is a revision of the regulations set out in the original PSD, which established a single market for payments with a view to creating a more efficient and secure service.

One of the major revisions in PSD2 is the introduction of Strong Customer Authentication (SCA). This is a set of technical standards, outlined by the European Banking Authority, which define the security measures that payment services must comply with to enhance the security of online payments.

The standards come into force this September, so the race is on for banks and payment service providers to put the necessary security procedures in place.

 

Regulatory Technical Standards

Payment service providers need to employ technology that guarantees user authentication and minimises fraud risks. But to comply with SCA, there are three key technical adoptions that payment service providers should consider.

 

1. Authentication: One-time codes

The first aspect of the SCA technical regulations is to implement strong authentication, by utilising authentication one-time codes (OTC). Each time a user actions a payment, the payment service provider must supply them with an OTC. The user then inputs the code to confirm their identity, and validate the payment.

To ensure the authentication code is secure, it must include two or more of the following elements for two-factor authentication (2FA) or multi-factor authentication (MFA):

  • Knowledge – something which only the user knows, like a PIN. The user might then extract a one-time code, using their PIN as a positional indicator
  • Possession – something the user owns, such as a mobile phone application or a hardware token
  • Inherence – something which is associated with the user, including biometrics

 

Additionally, payment service providers need to ensure that these elements can not be deciphered if the code is revealed. Therefore, the OTC shouldn’t follow a sequence or be based on the information the user has supplied, to prevent fraudsters gaining personal information about users or guessing a future code.

2. Dynamic Linking

Secondly, payment service providers need to adopt measures to link the payer, transaction amount, and payee for each transaction in a standard known as dynamic linking. The payer can see the transaction amount and payee at all stages of authentication, and the authentication OTC will be unique to that transaction. Should any element change, the authentication code will be invalidated.

3. Transaction Risk Analysis

Finally, payment service providers need to implement risk-based analysis in real time. Every remote payment needs to be monitored and adequate authentication should be applied. Most banks have implemented some sort of risk algorithm and process already but the Regulatory Technical Standards set out specific criteria for remote payments. This uses risk-based analysis to provide a combined score based on particular parameters, including: the locations of the payer and payee, plus any abnormal spending or behaviour from the payer.

 

What does SCA mean for you?

In addition to the technical changes required to comply with SCA, the regulations may pose some initial obstacles for the banking industry and users.

1. User experience

There’s some concern that the extra steps for strong authentication will have a negative effect on consumers NetBanking experience. To counter this, there are some exemptions to SCA and transaction risk analysis will determine the level of authentication required.

Despite this, Barclaycard’s Director of International Payments, Paul Adams suggests one in ten transactions will need to go through two-factor authentication. So, it’s essential to implement user-friendly two-factor authentication methods which cause minimal disruption whilst securing users’ funds.

2. Cost

Another concern is finding a way to implement SCA at a low cost. Ecommerce sites especially will be keen to find a low-cost solution without negatively affecting users’ checkout experience. It’s important for payment service providers to work with any third parties to find a solution that balances those concerns because cutting costs in the implementation stage could be crippling later down the line, with some predictions estimating SCA to cause €57 billion in abandoned carts if the process isn’t easy enough.

3. NetBanking architecture

Another concern in the industry is how to implement secure authentication across the carefully balanced banking architecture. Bank networks experience surges of traffic in busy periods and this can cause pressure on the service.

One way to mitigate this is by having a layered network which is load balanced for resilience. With this banks can implement two-factor authentication so that each of these layers require separate authentication. This would help keep the layers separate to enhance security, but also ensure the network architecture can withstand both authentication capability and load on the system.

 

The Deadline Approaches

With the SCA deadline approaching, the banking industry will be looking to implement technology to comply. But it’s crucial that any technology can be flexible and secure for each unique network. This will not only help overcome some of the concerns about SCA but also encourage users’ trust in NetBanking and create a more security-aware consumer base.

While SCA is a step forward for cybersecurity in the banking industry, the criteria for certain features may not be secure enough to deter the cybercriminals who are constantly finding new ways to infiltrate the NetBanking architecture.

 

Click to comment

Leave a Reply

Your email address will not be published. Required fields are marked *

Finance

Hey, Gen Y and Gen Z do you think you can retire comfortably?

Published

on

By

By Penelope Gregoriou, technical investment specialist at Alexforbes

 

Millions of South Africans rely on the money saved in their employers’ retirement fund to earn an income in retirement. For many people, this is their only formal savings for retirement. Unfortunately, too often, this money is still not enough to sustain them in retirement.

Being a young professional has its fair share of demands and complexities, with real day-to-day demands such as housing, transportation and health needs all perpetually competing for a share of

your wallet. Retirement savings, quite frankly, is a low priority for many. But research shows that it is critically important for young professionals to take responsibility in reaching a reasonable income in retirement – the sooner the better.

According to the 2021 Alexforbes Member Insights publication 65% of members aged between 20 and 30 are expected to replace and live on less than 60% of their final salary when they retire because they have not saved enough during their working lives. Consider this: if you had retired today, could you live comfortably on less than 60% of your monthly take-home salary? This is expected to drop even further below 60% due to low contributions and not keeping retirement savings invested when changing jobs throughout the remainder of working careers.

Research by the publication found that a retirement fund member who has actively increased retirement fund contributions by 0.25% each year since 2012 would have achieved a 2% increase in salary contribution rate by 2020. A small incremental increase such as this can lead to an almost 10% improvement in expected retirement benefits for younger members.

The need for better solutions

Penelope Gregoriou

The key underlying issues compromising pension outcomes are largely due to younger members:

  • choosing lower contribution rates to increase their take-home pay
  • having little or no access to relevant information
  • not clearly understanding what their options are at critical points in their financial journey
  • not knowing the long-term consequences of the financial decisions they make today
  • not having access to financial advice or financial counselling

There is mounting evidence that more people are realising how important the right information at the right time is and the long way it can go in supporting their financial journey and setting them in the right direction.

Digital member engagement solutions, financial wellness programmes and seamless in-fund and out-of-fund savings solutions all serve a valuable purpose in helping young members improve decision-making and the prospects of a more comfortable retirement.

Supporting this notion is the finding that 78% of retirement fund members want short-term and long-term financial planning (2021 Alexforbes Member Insights). It is clear that retirement funds cannot only be solving for retirement savings and income. Providing expert, holistic advice on retirement, group risk, health management, healthcare, investments, employee wellbeing

solutions and skills development can help members make the most of their long-term financial futures. More members are realising the advantages of having access to holistic solutions that provide them with personalised information, engagement and advice to make better, informed decisions today while still helping them plan for tomorrow.

Enabling the good and mitigating the bad

Retirement might seem like a far-off reality – especially when you’ve just started working – but it is still a reality. Your money competes for a lot of immediate priorities, but a long-term priority can only be met in the present. While you might often feel like you are on a seesaw of financial instability and discomfort, finding financial services that can provide you with a balance of pertinent products and solutions during critical times in your career – such as joining or leaving a company – can assist to preserve savings intended for long-term priorities, such as retirement.

Though there are challenges that come with being a younger professional, it does come with the significant benefit of time. As a younger investor in a retirement fund, you have a long-term investment horizon. Saving from an early age means that your money has more time to work for

you. Thanks to the impact of compound interest the amounts contributed in the early years of retirement saving add the most to your probability of a comfortable income at retirement. That is why it is imperative to maximise this opportunity as best and as early as you can.

You don’t have to do it alone

Employee benefits, and what they can offer employees, have evolved into solutions that are relevant and effective enough to guide members, especially during the critical moments earlier in their career and lives. Previously isolated benefits are now more integrated in employer-sponsored retirement funds to mirror the reality of members’ lives and accommodate their immediate and long-term needs, simultaneously.

An employee benefit provider can support employer-sponsored retirement funds with information and insights when reviewing the benefit design and engagement plans of their funds. The additional support that an employee benefit provider with an integrated and holistic offering can present can help members get over day-to-day hurdles – emergency savings, health needs, education – that could derail them in meeting their long-term retirement objectives. This could be something as simple as misunderstanding retirement benefits and the options at a member’s disposal. Helping members understand the total picture of what’s on offer, and what’s at stake, throughout their individual life journeys can go a long way in guiding better decisions at the right times to ultimately improve outcomes.

Starting a new job is a big change. You may need some help to make good decisions as you start your new job. Even small financial decisions you make now can affect your ability to reach your goals. You are planning for a critical time in the future. Ensure that you are getting the right foundations in place today, holistically.

This is the most opportune time as any to rethink how you have approached your employee benefits. Financial toolkits, like the newly launched My Money Matters portal from Alexforbes, offer members guided access to content that can help them better understand their retirement fund benefits and make better financial decisions based on their personal circumstances.

Continue Reading

Finance

Getting ready for VAT digitisation: automation is key

Published

on

By

Christiaan Van Der Valk, Vice President for Strategy and Regulatory at Sovos, says technology will power real strategic success for companies required to follow continuous transaction controls (CTCs).

A growing number of governments and businesses around the world are adopting digital-first approaches for a multitude of processes, resulting in a need to move away from traditional paper-based invoicing and embrace real-time tax reporting. This trend has been largely led by Latin American countries such as Brazil, Chile and Mexico. Through adopting real-time reporting via electronic invoicing systems, they have been able to better understand their economies, reduce fraud, and close VAT gaps.

The shift to continuous transaction controls (CTCs) allows transaction data to be automatically streamed to governments, reducing the need for resource-intensive business systems and document audits for tax administrations. Through the use of rich, standardised data, tax authorities are able to compute a business’s tax liability. Businesses are generally not required to be heavily involved in this process.

With this requirement – combined with invoicing – businesses would be able to avoid filing periodic tax returns, relieving them of the burden of running VAT compliance teams and filing reports that bring no benefit. The practice, however, calls for a more comprehensive data management approach and proactive data reconciliation across different sources of government-controlled transaction data. For this reason, companies need access to a high-quality dataset in case they must challenge government-determined tax liability.

It can be problematic to have poor data quality in a VAT environment that relies heavily on legacy reporting. For example, there have been instances in which reports were inconsistent or didn’t correspond to accounting data in audits. Consequently, fines or penalties may be imposed. However, in the world of CTCs the consequences of data quality issues are of a very different magnitude. Your financial and physical supply and demand chains can practically grind to a standstill if your data isn’t approved by the tax administration – especially in nations where the tax administration ‘clears’ the invoice in real-time such as in Italy, Mexico and Brazil.

Many businesses with responsibilities in VAT jurisdictions are missing something important here. Beginning to utilise automation and other more specialised tools for producing VAT returns is a critical step toward harnessing the benefits from the mandated transition to CTCs as opposed to focusing on the challenges.

Manual is outdated

A lot of businesses are still using manual processes like spreadsheets to manage their VAT compliance, which essentially involves the time-consuming production and submission of VAT returns.

Through implementing technology like automated rules in software, companies can maximise the validity of VAT data. As well as simplifying and re-risking VAT reporting activities, the effort required to design the steps to enhance data using automated rules engines means establishing structured definitions of ‘what’s wrong with your transaction data?’ These definitions can then be used to identify the cause of quality concerns in upstream business processes and address them in order to dramatically improve CTC readiness.

For many businesses, the majority of quality concerns are down to the manual and paper-based processes used in internal workflows and trading partner relationships. Therefore, automation will play a vital role in properly preparing for CTCs.

Preparing data in this manner for VAT enforcement means that a business is paving the way for a more data-driven approach to compliance in general. Companies will increasingly be required to coordinate data being submitted to tax administrations automatically from a range of business process and accounting systems, once CTCs and other VAT digitisation initiatives become operational.

Keeping up to date with the expanding scope of information that is handed over to tax administrations in these automated data transmissions is crucial, so that companies can maintain a level of control over the image of their business operations that is constructed for the tax authorities.

As well as this, a business may benefit from this insight across data encompassing the full supply chain and transactions.  For instance, this information gathered could be turned into tactics to help with strategic planning.

Business leaders may reduce expenses, boost resilience, and improve controls by automating tax and business operations and adopting a data-driven approach to compliance, allowing for a more accurate and detailed understanding of granular reporting needs.

Organisations should prioritise the building of dashboards utilising modern analytics tools to prepare for this huge transition. It’s also important to have a well-organised evidence base with clean digital archives. Technology and the insight it brings will be the driving factor for real strategic success as economies recover from the pandemic.

Data flow is key

As tax authorities and governments work to reduce VAT gaps, greater visibility into corporate databases is at the top of their agenda. This is accomplished through the government’s digitisation of all tax reporting, in which data is delivered at regular intervals that correspond to the flow of transactions and the government’s data requirements.

It is imperative that transaction data, relevant primarily for VAT purposes (though not exclusively), be received in a transactional manner. Meanwhile, other types of information, like payment data or inventory movement, may be requested on a weekly or monthly basis, whereas broader accounting data might be requested more frequently.

The introduction of CTCs should not be viewed as an IT formality, but as the first step in tax administrations gaining easy, timely and effective access to source data. The digitisation of tax will enable administrations to access data on a regular basis, as well as at a granular level.

As companies transition from manual data entry into this new world of automated data exchange, they should concentrate on why this change is important rather than how it is happening. The real prize here is not getting the ‘plumbing’ to work according to government specifications; focusing on this ‘how’ question means that companies may be missing out on a potentially critical business enabler, but equally they may be inadvertently setting themselves up for much higher levels of compliance risk.

With the introduction of CTCs and various forms of detailed digital reporting, companies should be prepared to be exposed to much more stringent audits. The reason for this is that data quality or consistency issues will gradually become more transparent to tax administration teams, which will increasingly be enabled to respond to even the smallest inconsistencies that may previously have gone under the radar with surgical precision.

The higher level of visibility allows tax authorities to cross-check more company data, its trading partners and third parties’ data. These abilities will be vastly improved as more governments complement CTC requirements with mandates for SAF-T and similar electronic auditing requirements. Through thorough analysis of this growing mass of real-time and historic data, a firm’s operations can be fully understood.

Successfully adapting to CTCs means investing in the journey rather than the destination. As everything becomes more digitised, organisations must stay on top of these changes and maintain the same level of data insights as tax authorities do. There will be a growing need for this as more countries introduce CTC regimes (both France and Germany are on the horizon).

Adapting business tools to deliver better data insights is essential to facilitating tax digitisation, both to satisfy global tax authorities and to achieve a competitive advantage in the market. In short, companies should remain fully alert and prepared to ensure a smooth transition and successful outcome of CTCs, which are the logical next step on the road to business transparency.

The domino effect of CTCs

The willingness of autonomous governments to accept digital tax reporting will determine how widespread its implementation becomes. Following more than a decade of success with these methods in Latin America, governments all over Europe, for example, have made major moves toward introducing CTCs. In doing so, there is a great deal of preparation that international companies need to do which can take a considerable amount of time and resources.

In all jurisdictions with indirect tax systems, moving toward increasingly digitised tax controls is the only path. With real-time data, governments can better understand and analyse their country’s economic health, while also enhancing fiscal controls and reducing fraud. It’s just a matter of time until these digital programmes become standard practice on a global level, as countries all across the world begin to recognise their success in reducing fraud, increasing efficiency and closing VAT gaps.

Continue Reading

Magazine

Trending

Finance9 hours ago

Hey, Gen Y and Gen Z do you think you can retire comfortably?

By Penelope Gregoriou, technical investment specialist at Alexforbes   Millions of South Africans rely on the money saved in their...

Uncategorized9 hours ago

GDPR: data security four years on

Bruce Penson, the managing director of cyber security and IT support company Pro Drive IT, outlines how GDPR has changed...

Banking9 hours ago

The importance of Customer Experience (CX) for retail banks today

By James Isaacs, President, Cyara   Today’s retail banks face considerable challenges. Open banking initiatives –  that make it easier...

Finance9 hours ago

Getting ready for VAT digitisation: automation is key

Christiaan Van Der Valk, Vice President for Strategy and Regulatory at Sovos, says technology will power real strategic success for...

Banking9 hours ago

Challenging the challenger: Why the digital transformation of traditional banking is key for competing with challenger banks

By Sam Schofield, Senior Vice President: Global Enterprise at Udacity   Monzo and Revolut are only seven years old. Starling,...

Wealth Management10 hours ago

Green with Envy – an Environmentally Conscious Data Center

Mark Fenton, Product Manager, Future Facilities   Environmental considerations are at the top of every business leader’s agenda and an...

Technology10 hours ago

How Digital Adoption Platforms can enhance digital transformation and customer experience in the insurance industry

By Vara Kumar, CPTO & Co-founder, Whatfix   Like many industries, the insurance sector was prematurely hastened towards digitalisation due...

Business19 hours ago

Why do Traders Need a Managed Service Partner?

Jeff Mezger, Vice President of Product Management, Financial Markets, TNS   Does your financial institution have the understanding, resources, talent...

Business19 hours ago

The FCA will take immediate action on customer vulnerability; here’s how firms can prepare.

Author: Jonathan Barrett, CEO and Co-Founder at Comentis   Identifying and supporting vulnerable clients has become a priority for financial...

The Green Revolution In Investing - Sustainable Investing The Green Revolution In Investing - Sustainable Investing
Business1 day ago

How fintech is key to empowering climate action

Attributed to: Rory Spurway, CEO & Founder of CarbonPay   As human activity continues to have a significant impact on...

News2 days ago

Fractional NFTs- A Positive Impact on the Market

Non-Fungible Tokens (NFTs) have been making headlines for quite some time now. The phenomenon is getting a lot of attention...

Technology2 days ago

Are cyber insurance and incident response budgets the same thing?

Dominic Trott, head of strategy – UK, Orange Cyberdefense   Cyberattacks on businesses increased by 13% in 2021 compared to...

Business2 days ago

Ticketing modernization: the key success factors for an outstanding deployment

Arnaud Depaigne, Product Manager, Smart mobility, Fime   Technology has transformed the way we pay, and transport ticketing has been...

Finance2 days ago

How to increase the growth of crypto apps in a challenging market environment

By Alexandre Pham, Vice President, EMEA at Adjust   Crypto and digital assets became one of the hottest tech topics...

Business3 days ago

Businesses must adapt to meet customers’ evolving payment needs

Nathan Shinn, Founder and Chief Strategy Officer, BillingPlatform   From the lingering impact of the COVID-19 pandemic, through to the...

Banking4 days ago

Carbon Neutral and Net Zero: The New Disrupter-in-Chief

Authored by Jason Matteson, Director of Product Strategy, Iceotope   When we think of market disruptors we typically think of...

Business4 days ago

Balancing risk management with a seamless customer experience

By Andrew Davies, VP, Global Market Strategy, Financial Crime Risk Management, Fiserv   For quite some time, measures to mitigate...

Business4 days ago

The need for blockchain to be interoperable and why it matters

By Kai Waehner, Field CTO and Global Technology Advisor at Confluent   In mid-2022, it would be fair to say that...

Interviews4 days ago

How MFA can protect the financial sector from the unprotectable

The financial sector has long been a primary target for threat actors. However, the unique infrastructure of core financial systems...

Business5 days ago

Why a three-step framework can help financial advisers support their most vulnerable customers.

Author: Tim Farmer, Co-founder and Clinical Director at Comentis   We are witnessing a vulnerability epidemic. With the Financial Conduct...

Trending