Connect with us

Technology

HOW CAN THE PAYMENTS INDUSTRY PREPARE FOR SCA WITH BIOMETRICS?

Published

on

By Vince Graziani, CEO, IDEX Biometrics ASA

 

Significant developments are afoot in the retail and payments industry, with vendors needing to prepare for Strong Customer Authentication (SCA). It’s set to be the most significant change to how people pay for things, not only online but also for card-present retailers across Europe. The deadline for compliance with the regulation has recently been extended again, this time to March 2022.

This is now the third time the deadline for retailer compliance has been pushed back, with the Financial Conduct Authority (FCA) worried vendors are not prepared for the new payment security approach. Which raises the question, will SCA every really take off?  Well, for retailers the extended deadline can be viewed in a positive light. The fact that there are now a further ten months to pilot and then launch their response gives retailers more time to adapt their authentication and verification tools. But it’s also a benefit for banks and payment providers too.

The ongoing delay to the SCA will give the payments industry extra time to prepare for the rollout of the directive so they can deliver a secure SCA payment option to consumers. If the payment ecosystem fails to use this time to prepare or implement the right technology to comply with this new ruling, it will open consumers up to a significant threat of card fraud.

 

Vince Graziani

The challenges faced within the retail space

There has been a large amount of focus on the implications of SCA when shopping online; however, face to face purchases will also need to be revisited. Even when using a card physically, SCA will require two-factor authentication for every purchase made over the contactless limit. This additional layer of protection provides a more stringent authentication process that will help to keep millions of accounts safe from both traditional fraudsters and cybercriminals.

Two-factor authentication means that not only will the user need to provide their details when making a purchase, they’ll also have to confirm their identity with:

  • something they know (a PIN or password),
  • something they have (such as a smartphone),
  • or something they are (biometric face or voice features or a fingerprint).

Once implemented, this will be beneficial in protecting consumers, however, getting to this stage will be a challenge. The requirements are set to cause widespread disruption to the retail space. The introduction of SCA will require in person merchants and card issuers as well as online Payment Service Providers (PSPs), such as PayPal and WorldPay, to have in place the technical enhancements and testing needed by the deadline.

 

Educating the shopping public on SCA

This presents a significant logistical challenge; maintaining effective fraud prevention while keeping an optimised customer experience is not easy. But perhaps the biggest challenge of all is that consumers themselves still aren’t entirely aware of SCA or what will be expected of them come March.

The introduction of SCA demands collaboration within the industry to educate consumers, but ultimately it is up to payment providers to provide a reliable, secure and SCA-approved method of payment to consumers. Providers must also ensure that the method they choose is not only up to standard but is affordable and accessible to all.

 

Preparing for the future of secure payments with biometrics

Biometric payment cards offer the answer for payment providers to help prepare for SCA. Not only will these cards – with inbuilt fingerprint sensors to verify ownership – provide strong customer authentication, but they also come with the added benefit of convenience. Validating your payment with a fingerprint speeds up the transaction process and removes the requirement of PINs or the use of a smartphone.

Biometric fingerprint payment cards offer banks and payment providers, an opportunity to embrace payment innovation that will help them meet these new secure forms of authentication with confidence and ease.

It is worth noting that some payment card manufacturers, such as IDEMIA, are already preparing biometric payment card solutions. These will be ready for banks and card issuers to adopt so they have the time they need to pilot and roll out the new payment method before the new SCA deadline is imposed.

The FCA has also outlined previously that long-term authentication through biometrics and mobile app-based solutions is the future of secure payments. The use of biometric payment cards to authenticate online payments will offer an important way for retailers to balance security measures that comply with the SCA regulation whilst also delivering ease of use for the consumer.

 

Business

TAKE THE NO-CODE LEAP TO DIGITAL INNOVATION WITH A FUSION TEAM

Published

on

By

Chris Obdam, CEO, Betty Blocks

 

In the last couple of years, a new sector has emerged alongside enterprise financial organisations—an ecosystem of fast-growing Fintech startups that develop innovative solutions for the banking sector. These small, flexible startups and scale-ups began filling a gap the ‘big boys’ left quite some time ago. Then, they gained even more ground during the pandemic. According to KPMG, Fintech investments worldwide amounted to $98 billion USD in the first half of 2021, compared to $121.5 billion over the whole of 2020[1].

 

The massive surge has financial regulatory bodies scrambling to balance the benefits of modernising the industry with the necessity of strong oversight. But, what if traditional financial enterprises could combine their durability, reliability and years of experience with the flexibility of a startup? They can! More and more enterprise organisations are becoming agile, empowering digital-savvy colleagues and improving competitive value.

 

Fusion teams

Their approach? They break through patterns and almost literally through walls in their organisation. The most successful organisations team up with genuine problem solvers. It’s a solution-oriented approach, which can be really successful if governed the right way. We like to call it a fusion team, a team that empowers digitally-skilled and solution-oriented employees to work side-by-side with the IT department while using a low-code and no-code development platform.

 

Citizen development

A fusion team brings together people with diverse professional backgrounds who use data and technology to achieve shared business outcomes. Ideally, a fusion team combines pro-developers with citizen developers. A citizen developer is a business person without coding experience that builds apps using a no-code or low-code platform.

The purpose of the professional developer, in a fusion team, is not to train the citizen developer to become a pro-developer but to bring guidance and governance to the project. Before building successful software, a fusion team will require knowledge and guidance through the software development life cycle (SDLC) phases. IT feedback is crucial to helping a fusion team understand what makes good software and how new platforms can (or cannot) integrate into an existing system. Citizen developers should receive coaching to make decisions that lead to architecturally sound, value-adding applications.

 

What are the challenges that a fusion team can tackle?

  • Modernisation of legacy systems. Many banks have been around for years, expanded their software, but regularly have to deal with legacy systems or even a vendor lock-in.
  • Regulations can change fast; that’s why financial organisations need to increase flexibility and improve adaptability. A flexible layer on top of core systems or legacy systems can profit the whole organisation.
  • Counter shadow IT. Thousands of employees means that a lot of solutions are single handedly-built. All these solutions can be beneficial for the employees and even for your customers, but the thing is that they are not checked and governed by IT. For example, you run the risk that they are not meeting all your security requirements.
  • Digitisation of processes, like the onboarding process for customers, is still a long paper process within financials. What if this could be 100% digital and automated? This could save you a lot of repetitive work, energy and money.

 

Create an environment for innovation

Banks tend to have difficulties setting up the right conditions to empower the workforce to innovate towards the future. Our first reaction to possible security risks is to impose more rules and restrictions, while the solution lies in a coaching attitude, independent of strict regulations. You can empower digital transformation by using a no-code or low-code platform.

A fusion approach encourages better software governance, allowing IT to help mitigate the risks of shadow IT projects. With a no-code or low-code platform, you can combine existing secure systems, extract data more efficiently, effectively communicate and convey between systems and thus better manage qualitative information. Governance is not a simple process or a task to check off and forget about; the essential governance feature for low-code or no-code development is a platform provider with the flexibility to adapt to specific needs of an enterprise. The provider should be a partner in expanding the role of citizen developers within the organisation.

Taking the leap into no-code software development with a fusion team will empower the entire organisation in digital transformation. It’s a strategic move that helps enterprises become more resilient against unexpected challenges – such as a pandemic or new consumer demands. Furthermore, you create a modern and innovative working environment with digitally-capable and engaged employees.

 

[1] Source: KPMG:

https://home.kpmg/nl/en/home/media/press-releases/2021/09/record-fintech-investeringen-in-eerste-helft-2021.html

 

Continue Reading

Business

IDENTITY SECURITY IN THE ERA OF SOX

Published

on

By

By Steve Bradford, Senior Vice President, EMEA, SailPoint

 

The Sarbanes-Oxley Act (SOX) is a federal law that mandates practices in auditing and financial regulations for public companies. Its original intent being to restore trust in a corporate and financial system that had been rocked by major accounting scandals such as Enron, WorldCon and Tyco. Legislators believed if there was no trust in the major corporate institutions of America, then the whole fabric of capitalism could be brought into question.

Initially only applying to American companies, every major institution that dealt with America had to comply with SOX. It was a huge a success with the number of financial scandals emanating from the US dropping dramatically since compliance. But can The UK follow suit?

 

Preparing for “SOX UK”

The UK has had its own high profile business collapses – notably BHS and Carillion. So, the government has launched a consultation programme that mimics the US SOX rules. The consultation on reforms aims to ‘restore trust in audit and corporate governance’ and applies to auditors, companies, directors, audit committees, investors, other stakeholders, and the regulator.

A focus is on companies with a significant public interest, otherwise known as Public Interest Entities (PIEs). These include financial institutions, banks, insurance companies, underwriters, and alike – many of which are already familiar with a high degree of financial scrutiny. A noteworthy difference is the stated preference to expand the UK SOX controls beyond public interest companies, which could include large companies in retail, manufacturing, logistics and automotive.

UK SOX may seem like a massive undertaking if unfamiliar, but with the right technologies in place manual tasks can become automated, reducing time which can be then redirected to greater priorities or risks, and everyday operations will be guided by a strong set of well-defined controls.

 

A growing threat

The Sarbanes-Oxley Compliance 9-Step checklist provides a series of recommendations to protect the validity of all reported information and help businesses to ensure they are following the rules. This includes the need to establish controls to prevent data tampering, track data access, test the effectiveness of safeguards and detect security breaches – any of which need to be reported to SOX auditors on time.

As both physical and digital information are affected, accurate management is an integral part of compliance. Remote working, blockchain integration, and the emergence of cloud-based banking (Banking as a Service) have led to growing cyber threats, privacy concerns and compliance requirements through the complexities of connectivity.  For example,  multiple devices now connect to networks from different locations, accessing the vast amount of information in the cloud. There is now critical need to close security gaps outside the perimeter.

Some of the greatest threats lie within an organisation – either human error or more likely, the rise in risk facing the access today’s workforce has to technology. Complex corporate structures and departmental silos hinder management’s visibility into workforce roles, responsibilities, and data access. Traditional reliance on spreadsheets and manual processes for tracking data access and user identities leads to inaccuracies and inconsistencies.

Apart from being an auditing and reporting nightmare, the situation creates system gaps that are ripe for exploitation by threat actors.

 

Maintaining security through identity

To meet security and compliance regulations, companies and organisations must act smarter in how they protect their “perimeter”, which is centred on its people – the new threat vector of choice. Companies must prepare to automate business processes and embrace new security practices that fully protect the workforce and the tools they need to  do their job.

Staying in compliance with regulation is important for the safety of the company, but it is crucial that the right safety measures are in place. Identity access management can reduce the risk of insider threat, data breaches and human error for financial reporting – enabling automated logging and report generation for companies to make smart decisions whilst uncovering and remediating hidden or unknown issues that pose inherent risk.

 

The countdown to SOX

One commodity companies don’t have is an abundance of time. With less than 18 months to go until the SOX recommendations deadline, any form of automated access system is an essential first step in ensuring companies are prepared. Starting early is critical – given an implementation programme can take 18-24 months for a company that is used to stringent financial regulations. It’s time to get identity and access compliance right – automation can save a significant amount of effort and money, whilst improving the accuracy of identity management processes.

As seen in the US, UK companies not used to financial compliance procedures will have to catch up or ask for help – learning from the financial sector – and scale up their auditing and control to comply with more stringent regulations. The rules are there to help provide the security that regulators need for a secure commercial environment. Now is the time to act in order to reduce the risk.

 

Continue Reading

Magazine

Trending

Business50 mins ago

THE EVOLVING TECHNOLOGY NEEDS OF THE FINANCE DEPARTMENT

Jennifer Sims, Senior Consultant at Xledger   The world of finance software is evolving quickly, but with many new software...

Business59 mins ago

HOW RETURNS ABUSE AFFECTS RETAILERS

By Aaron Begner, EMEA GM at Forter   Accompanying the significant growth in ecommerce over the past 12 months, is the...

News1 hour ago

TINTRA PLC FINALISES JOINT VENTURE WITH ARTIFICIAL INTELLIGENCE PARTNER TO BUILD INDUSTRY CHANGING REGULATORY TECHNOLOGY

Innovative fintech company, Tintra PLC(https://tintra.com/), has formed a joint venture with award-winning Artificial Intelligence and Machine Learning business, TMC2, via...

News1 hour ago

CELLPOINT DIGITAL PARTNERS WITH VYNE TO ENABLE INSTANT OPEN BANKING PAYMENTS FOR MERCHANTS

The partnership will allow CellPoint Digital customers to incorporate Vyne into its payment ecosystem and access instant payments without a...

Business3 days ago

WHY A MULTI-ACQUIRER STRATEGY IS KEY TO GLOBAL GROWTH

As online business grows exponentially, finally fulfilling the internet’s promise of a ‘global village’ in which anyone can buy and...

Business3 days ago

TAKE THE NO-CODE LEAP TO DIGITAL INNOVATION WITH A FUSION TEAM

Chris Obdam, CEO, Betty Blocks   In the last couple of years, a new sector has emerged alongside enterprise financial...

Finance3 days ago

HOW FINANCIAL ORGANIZATIONS CAN PROTECT THEIR DATA

Yuval Wollman, President, CyberProof and Chief Cyber Officer, UST   Top executives from Wall Street’s largest banks pinpointed cybersecurity as the...

Top 103 days ago

IF IT’S A LOSS, YOU’RE TOO LATE – WHY THE INSURANCE INDUSTRY NEEDS TO FOCUS ON FIRST NOTIFICATION OF RISK

Simon Dicks, Insurance Channel Manager EMEA, Lytx   Insuring commercial fleets can be an expensive business. Average repair costs have...

Business3 days ago

IDENTITY SECURITY IN THE ERA OF SOX

By Steve Bradford, Senior Vice President, EMEA, SailPoint   The Sarbanes-Oxley Act (SOX) is a federal law that mandates practices...

News3 days ago

EXPERIAN LAUNCHES VERIFICATION SERVICE TO SUPPORT FASTER, MORE ACCURATE LENDING DECISIONS

Work Report™ is the UK’s first service that automates the digital sharing of payroll information on behalf of the consumer...

News4 days ago

TENUREX AND ELUCIDATE PARTNER TO INCREASE FINANCIAL INCLUSION WORLDWIDE

TenureX and Elucidate have announced a strategic partnership with a mission to increase financial inclusion worldwide and tackle the laborious...

Banking4 days ago

WHY THE TIME IS NOW TO BANK BEYOND BORDERS

by Lili Metodieva, MD of Monneo   As our world becomes more interconnected, so too does the need for banking...

News4 days ago

PAYCAST PARTNERS WITH MARQETA AND MASTERCARD FOR NEW MARKETPLACE PAYMENT SOLUTION

Paycast will leverage Marqeta’s modern card issuing platform and the Mastercard network to empower marketplaces with payment solutions that help...

Finance5 days ago

HOW FS ORGANISATIONS CAN USE API-DRIVEN DATA AUTOMATION TO JOIN THE OPEN BANKING REVOLUTION

By Steve Barrett, Senior Vice President, International Operations at Delphix    Technology is rapidly transforming all industries across the world. However, for the...

Banking5 days ago

IT’S TIME FOR BANKS TO SIT THEIR CUSTOMERS DOWN AND TALK OPEN BANKING

Eugene Danilkis, CEO at Mambu   We are living in an experience economy, and banking is no different. Customers need...

Banking5 days ago

WILL CHALLENGER OR TRADITIONAL BANKS WIN THE SECURE CARD PAYMENTS BATTLE?

By Vince Graziani, CEO, IDEX Biometrics ASA   Challenger banks have shaken up the payment ecosystem in the last decade....

Banking5 days ago

TOP ITALIAN BANK ROLLS OUT FIRST OF ITS FULLY DIGITAL BRANCHES WITH AURIGA

Banca Carige Smart, the new intelligent branch model enabled by Auriga #NextGenBranch solutions , combines digitalisation with a human touch...

Banking5 days ago

HOW BANKS CAN PROTECT THEMSELVES AGAINST RANSOMWARE

Jay Ralph, Managed Cloud Global Sales Lead at SoftwareONE   We’ve seen a slew of high-profile ransomware attacks in 2021. From hackers...

News5 days ago

BLOCKERS TO BLOCKCHAIN ADOPTION LIFT FOR 65% OF FINANCIAL ORGANISATIONS

Four years of data from Visma | Onguard’s Fintech Barometer finds growing confidence in blockchain technology   65% of organisations...

News6 days ago

SAME DAY REMITTANCE IS A WELCOME BOOST FOR SMALL MERCHANTS THIS BLACK FRIDAY

UTP Merchant Services, Jaime Lowe, Sales Director On November 26th, much of the globe will witness the start of the...

Trending