David Orme, Senior Vice President at IDEX Biometrics ASA
In August 2019, the Financial Conduct Authority (FCA) announced an 18-month delay to the enforcement of the new Strong Customer Authentication (SCA) rulings under the second Payment Service Directive (PSD2). The rulings were originally introduced to enhance the security of payments and limit fraud during the customer authentication process for online and in-person contactless payments.
Online, or card-not-present (CNP) transactions, and contactless payments are two of the main routes to card fraud. Because of the lack of a PIN or authentication method, these forms of payment present a specific challenge for retailers to verify the actual cardholder and validate their payment effectively. The introduction of SCA aims to reduce high levels of online and payment fraud caused by this process, all while enhancing consumer rights.
For merchants in the European Economic Area, the SCA ruling means they must now require two methods of authentication for CNP transactions. This means when a retailer takes a payment without the card being physically present, such as for an eCommerce transaction. When the directive is enforced in March 2021, two of the below three authentication methods must be used to confirm a CNP transaction:
- Something you know – such as a PIN or password
- Something you have – possession of the card or a bank-issued card reader and one-time PIN
- Something you are – biometric data
The additional authentication process also applies for some contactless payments, with shoppers having to enter a PIN for every fifth transaction, or after a certain spending limit has been reached, currently considered to be £100.
Why the delay?
The SCA ruling will affect the whole payment market, including card issuers, payment providers, online retailers, in-store merchants and consumers. However, the European Banking Authority (EBA) this summer noted a significant lack of preparedness for the regulation among the payments industry and retailers, which is likely to have a significant impact on consumers.
The extension to the deadline is intended to give the industry time to prepare for the roll out of the directive. To address the industry’s lack of readiness, the FCA has created an 18-month plan which provides support and steps those within the payment ecosystem need to adopt to implement SCA.
Discussing the introduction of SCA, Jonathan Davidson, Executive Director for Supervision, covering Retail and Authorisations at the FCA, has said, “The FCA has been working with the industry to put in place stronger means of ensuring that anyone seeking to make payments is not a fraudster. While these measures will reduce fraud, we want to make sure that they won’t cause material disruption to consumers themselves; so we have agreed a phased plan for their timely introduction.”
The preparation timetable
So, given their lack of preparation, how does the payment market get ready for the roll-out of the ruling between now and the new deadline of March 2021?
The suggested industry solution is to use a one-time passcode (a possession factor) plus another factor (with knowledge, such as PINs only as fallback). According to the FCA, while the industry is still implementing this approach, the most important step is to start clear communication with consumers now. Retailers and banks should already be open and transparent with customers to minimise the risk of unexpected disruption to payments.
To provide this level of communication, retailers and suppliers need to educate themselves regarding the issues and requirements needed to ensure they are SCA compliant. The so-called ‘learning period for implementation’ runs up to March 2020, by which time the financial authority expect retailers to understand the regulatory requirements and have begun to take steps towards technological readiness.
By this point, merchants should be actively testing to ensure their solution will work correctly by the following year. Then by March 2021, the FCA expect to see operational readiness and a solid ‘issuer behavioural solution’ from all retailers and financial institutions, to meet the regulation deadline.
Biometrics: the long-term solution to secure payment authentication
While one-time passcodes are considered the interim solution, the FCA also outline that long-term, authentication through biometrics and mobile app-based solutions is the future of secure payments. Adopting biometric payment cards or using fingerprint readers on smartphones to authenticate online payments offers an important way for retailers to balance security measures that comply with the SCA regulation with ease-of use for the consumer.
Following smart fingerprint biometric payment cards, the user registers their fingerprint on the card at home through a portable enrolment device. Once the reference fingerprint is recorded, it never leaves the card so data cannot be hacked. The biometric bank card can then be used with existing payment infrastructures — including eCommerce, chip and PIN and contactless card readers — in the usual way. The sensor is placed in such a position to make it easy for the consumer to simply hold and tap their card with their thumb or finger over the sensor, meaning that even post-SCA contactless payments can continue quickly and easily, without PINs or payment limits.
For online payments, biometric payment cards offer further possibilities to strengthen the security and SCA compliance for e-commerce retailers. The addition of a digital dynamic Card Verification Value (CVV) number on the front of the card would present a new code whenever the card owner’s fingerprint is presented on the card. This means that the traditional payment card would be transformed and consumers would be protected against both the theft of static card numbers for fraudulent online transactions and physical card theft.
The implementation of biometric fingerprint payment cards across the payments market would ensure that card issuers, payment providers, online retailers, in-store merchants can all meet the SCA requirements for online and contactless transactions.
Therefore, fingerprint biometric smart cards are a way of putting payment security firmly in the hands of the consumer in line with the SCA requirements. As the payment ecosystem works to meet these guidelines it should look towards this biometric innovation to provide secure authentication with the convenience that consumers expect and demand.
Fail to prepare, prepare to fail
During the delay, it is the responsibility of the payment ecosystem to ensure they understand the new regulations and implement methods to protect consumers from fraud. Security measures must be put in place to comply with the SCA requirements sooner, rather than later.
If the payment ecosystem fails to prepare, or comply with this new ruling, it will open consumers up to a significant threat of card fraud, whether from shopping online, or in store. Therefore it is imperative that card issuers, payment providers, online retailers and in-store merchants act now to prepare for the new regulation. Biometric fingerprint payment cards offer an opportunity for banks, retailers and merchants to embrace payment innovation that will help them meet these new secure forms of authentication with confidence and ease.
‘MOVE FAST BUT DON’T BREAK THINGS’ – WHY FINTECHS WILL COME TO LOVE REGULATION
Alex Johnson, Director of Portfolio Marketing, FICO
The guiding ethos of fintech is move fast and break things. It’s the fundamental advantage that disruptors have over the incumbents they’re disrupting — the ability to move quickly and make mistakes, learn from them and deliver innovative services to customers. Generally, this ethos is presented as a virtue. Banking is ‘broken’ so any investments in improving it are both notable and noble – even if there are bumps along the way.
Conversely, anything that stands in the way of this ‘march of progress’ is generally cast as a villain.
The most prominent villain for fintech companies is regulation. From their perspective, it’s a competitive moat, based on rules written for a different century, that protects banks’ ability to make money without needing to innovate and offer more or improved services to their customers.
So, it’s easy to see why a fintech company — believing fully in the virtue of its mission and faced with a litany of illogical and intractable regulations — might just say ‘we’re doing it anyway.’ That’s what Robinhood co-founder Baiju Bhatt reportedly did when his company tried to roll out a checking and savings product that it claimed was insured without confirming that with regulators first.
The problem is that while we may mythologise the ‘move fast and break things’ ethos in the abstract, consumers don’t love it when their stuff breaks in the real world.
And when fintechs and challenger banks aren’t constrained by regulation (as they mostly are in the U.S and Europe) the harm caused by this ‘move fast and break things’ approach can be much more severe than a service outage or a false claim of deposit insurance.
Stories from overseas
In China, online P2P lending exploded in popularity, with the number of P2P lenders growing from 50 in 2011 to 3,500 in 2015. Then the whole industry imploded when it was revealed that 40% of P2P lending platforms were Ponzi schemes.
In India, online lending companies raised a record $909 million in venture capital last year (the third-biggest market behind the U.S. and China). And those lenders are now using personal data from borrowers’ mobile phones to make lending decisions – which although illegal, is reportedly ignored by Indian regulators.
In the Philippines (another emerging market where venture capital dollars for online lending are pouring in), the National Privacy Commission is investigating hundreds of complaints from consumers about lending apps leveraging their personal data to shame them into making their payments.
A prediction for the decade to come
In the 2020s, I believe fintech companies will come to love – or at least quietly appreciate – regulation for two primary reasons:
Fintechs and challenger banks understand that brand recognition and affinity is key to their long-term success. Building their brands will be a challenge. A recent survey of 2,000 Brits found 40% don’t trust challenger banks at all and 67% said they are more likely to do business with banks that have branches on the high street. As Zach Bruhnke, co-founder and CEO of U.S. challenger bank HMBradley recently said, ‘We’re going to have to grow by word-of-mouth and doing the right things for our customers.’
Fintechs and challenger banks focused on the long-term task of building brand affinity and trust will, over the next decade, come to despise bad actors that skirt the rules and dress up get-rich-quick schemes in the same language they use to describe their own firms. Regulations that constrain and/or shut down these bad actors will be increasingly appreciated by legitimate market participants.
In the 2010s, we saw the beginning of a trend that will strengthen in the 2020s — regulations designed to foster competition between incumbents and new market entrants. To date, such regulatory action has run the gamut, from vague (innovation sandboxes and special-use charters) to hyper-specific (U.S. regulators’ cautiously approving the use of alternative data, or the Bank of England considering giving non-banks access to its 500-billion-pound balance sheet). Perhaps, most promising, has been the work done by the Competition and Markets Authority (CMA), which has been proactively driving the adoption of rules and standards around Open Banking for past couple of years. O
ver the next decade, through careful management of public perception and increased investment in lobbying, fintechs and challenger banks will further reshape the regulatory environment from a competitive moat to a more level playing field.
Reaching fintech maturity
’As a licensed broker-dealer, we’re highly regulated and take clear communication very seriously. We plan to work closely with regulators as we prepare to launch our cash management program’.
This was the statement issued by the chastened co-founders of Robinhood shortly after they backed away from their plan to launch a checking and savings product without government insurance. And here’s the crazy part — that’s exactly what happened! Less than a year later the company announced a new deposit product, this time insured by the Federal Deposit Insurance Corporation (FDIC).
As fintech companies mature in the 2020s and the focus of their strategic objectives shifts from growth to profitability, regulation will play a vital role in transforming the ethos of those companies into something a bit more sustainable. Call it ‘Move fast, but don’t break things’.
HOW TO MERGE YOUR FINANCES AS A COUPLE?
By Nelisiwe Ndlovu, Certified Financial Planner at Alexander Forbes
There is never a good time to discuss finances with your partner, married or unmarried, and one key issue that needs to be discussed is whether you should merge your finances.
Joining all your money matters can seem overwhelming at first, so you don’t have to combine every bank account and credit card from the get-go.
Start by having an honest discussion with regards to your individual money management and financial commitments before deciding to merge or co-manage your household finances while deciding if you want to fully merge all your finances. Detail all individual income, expenses, and all your financial commitments. The best way to achieve this would be to first take your individual budgets and combine them. This will tell you what you can and cannot afford as a couple. If one partner does not usually budget, this is a chance to start doing so as this will ensure that your household finances are under control.
Before you think about merging your finances, be open and honest about:
- How much you earn – what is the income that you will bring home? What is the frequency of your income? Are you permanently employed or a contractor?
- What are your current individual expenses and financial commitments? List your assets and your current debt.
- Your individual financial goals and money management techniques – don’t worry if you might have not figured this out at the time of merging your finances – the important thing to do is to be open and honest so that you both build a stronger money foundation
- Disclose your financial obligations, this becomes very tricky if left until too late and may cause unnecessary tension in the relationship
- What are your goals as a couple – what is the purpose for merging your finances?
Married couples can formally or informally merge their finances as detailed above where household expenses are split between the couple (the split could be 50/50 or any fair split agreed upon by the couple, which could be based percentage-wise depending on one’s income). Some couples tackle finances by adopting the ‘pick a bill’ approach, where one couple pays the water and electricity while the other covers the food.
Being married does not mean necessarily that you need to have one joint account. You may also just want to open one joint account where you each deposit money to pay just your monthly household expenses.
The top five things to remember when merging finances as a couple:
- Have the ability to manage your own finances before expecting another person to merge their finances with you.
- Be mindful of your potential spouse/life partner’s money management behaviour and skills so that there are certain things you can address together before considering merging your finances
- Always keep an open line of communication – honesty is the best policy
- Set a money limit which you can each spend without having to consult each other
- Don’t forget to change your wills and beneficiaries on pension or provident funds as required.
WHY DIGITAL TRANSFORMATION IS CRUCIAL FOR BANKS
David Murphy, Managing Partner, Financial Services EMEA & APAC at digital consultancy Publicis Sapient Over the past five years,...
REACHING THE NOT-SO DIGITAL NATIVES
By Garry Hamilton, Group Business Development Director, Equator It’s 2020. There’s no denying that banks and financial institutions have...
THE ‘LEGO-IFICATION’ OF BANKING IT AND THE RISE OF DIGITAL FINANCE ECOSYSTEMS: FOUR PRIORITIES FOR BANKS IN 2020
Danny Healy, financial technology evangelist, MuleSoft The advent of the open banking era and continued emergence of fintech has...
WHAT TO DO WITH YOUR LIFE SAVINGS, RETIREMENT AND INSURANCE POLICIES WHEN EMIGRATING
By Renier Hugo, Alexander Forbes Certified Financial Planner With South Africans increasingly opting to live abroad, a hot topic...
MOBEY FORUM: BANKS’ BIG OPPORTUNITY IN DIGITAL ID WON’T LAST FOREVER
New report offers strategic insights for banks following in-depth review of seven prominent digital ID schemes across Europe and North...
THE END OF YEAR TAX CHECKS THAT COULD SAVE YOU THOUSANDS
Charlie Reading, Founder and MD of Efficient Portfolio After HMRC’s tax return deadline at the end of January, it can be...
RISK VS REWARD: IS AI TAKING OVER?
Xavier Fernandes, Analytics Director at Metapraxis A study by Oxford University academics into “The Future of Employment” in 2013 prompted...
HALO TRUST USES ADAPTIVE INSIGHTS FOR STRATEGIC BUSINESS PLANNING
Cloud-based financial planning helps HALO Trust deliver greater benefit to communities affected by war Adaptive Insights, a Workday company,...
IS DATA PROTECTION AND PRIVACY RELEVANT ACROSS ALL STRATA IN INDIAN SOCIETY?
A Study by Pensaar Design With CGAP Pensaar Design has been working on a research study with CGAP to better...
THE RISE OF CHALLENGER BANKS AND HOW LEGACY BANKS ARE TRYING TO KEEP UP
Jean Van Vuuren, Regional VP for UK, Middle East and South Africa at Alfresco The finance world has been...
NEW STUDY: AI HELPS ORGANISATIONS GROW PROFITS 80 PERCENT FASTER
Global research highlights how organisations are capitalising on emerging technologies to enhance finance and operations for competitive advantage Organisations...
UK START-UPS MUST MAKE THE MOST OF A SMALL WINDOW TO CAPITALISE ON INVESTMENT OPPORTUNITIES, FOX WILLIAMS WARNS
Despite rising investment, Brexit and growing interest from tech giants could cut off start-ups’ opportunities in 2020 While a...
XPEDITION UPGRADES MORE THAN ONE MILLION OPENWORK CLIENTS TO THE DIGITAL AGE
Xpedition, leader in the implementation of cloud-based business applications, has deployed a new system which has digitally transformed the customer...
ORACLE AND MICROSOFT BRING ENTERPRISE CLOUD INTEROPERABILITY TO EUROPEAN CUSTOMERS
Today, Oracle is announcing the continued expansion of its cloud interoperability partnership with Microsoft with a new cloud interconnect location in Amsterdam....
THE EMOTIONAL AND FINANCIAL COST OF WORKING WITH OUTDATED TECHNOLOGY
Slow Tech Could Waste 24 Hours of Worktime a Year In this digital age, businesses are hugely reliant on technology...
HOW TECHNOLOGY IS FUTUREPROOFING STOCK MARKET TRADING
Tony Shaw, Executive Director, London Office and Head Sales UK & Ireland at the Swiss Stock Exchange Markets are shifting,...
REVEALED: THE TOP 10 COUNTRIES THAT ARE REDUCING THEIR RELIANCE ON OIL
Ben Lobel, Copywriter at DailyFX New tool charts global commodity trading over the last decade The UK has reduced its...
‘MOVE FAST BUT DON’T BREAK THINGS’ – WHY FINTECHS WILL COME TO LOVE REGULATION
Alex Johnson, Director of Portfolio Marketing, FICO The guiding ethos of fintech is move fast and break things. It’s...
OFFSHORE COMPANY FORMATION TACTICS FOR SMEs
James Turner, Director at company formation specialists, Turner Little Starting a business brings with it its own set of challenges,...
EMV® 3DS – PAVING THE WAY FOR SEAMLESS AUTHENTICATION
Jean Fang, Product Manager, FIME The growth of e-commerce, m-commerce and remote commerce transactions is showing no signs of...