WHAT DOES THE DELAYED SCA IMPLEMENTATION MEAN FOR THE PAYMENT ECOSYSTEM?

David Orme, Senior Vice President at IDEX Biometrics ASA

 

In August 2019, the Financial Conduct Authority (FCA) announced an 18-month delay to the enforcement of the new Strong Customer Authentication (SCA) rulings under the second Payment Services Directive (PSD2). The rulings were originally introduced to enhance the security of payments and limit fraud during the customer authentication process for online and in-person contactless payments.

Online, or card-not-present (CNP) transactions, and contactless payments are two of the main routes to card fraud. Because of the lack of a PIN or authentication method, these forms of payment present a specific challenge for retailers to verify the actual cardholder and validate their payment effectively. The introduction of SCA aims to reduce high levels of online and payment fraud caused by this process, all while enhancing consumer rights.

For merchants in the European Economic Area, the SCA ruling means they must now require two methods of authentication for CNP transactions, that is, whenever a retailer takes a payment without the card being physically present, such as for an eCommerce transaction. When the directive is enforced in March 2021, two of the three authentication methods below must be used to confirm a CNP transaction:

 

  1. Something you know – such as a PIN or password
  2. Something you have – possession of the card or a bank-issued card reader and one-time PIN
  3. Something you are – biometric data

The additional authentication process also applies for some contactless payments, with shoppers having to enter a PIN for every fifth transaction, or after a certain spending limit has been reached, currently considered to be £100.

 

Why the delay?

The SCA ruling will affect the whole payment market, including card issuers, payment providers, online retailers, in-store merchants and consumers. However, the European Banking Authority (EBA) this summer noted a significant lack of preparedness for the regulation among the payments industry and retailers, which is likely to have a significant impact on consumers.

The extension to the deadline is intended to give the industry time to prepare for the roll out of the directive. To address the industry’s lack of readiness, the FCA has created an 18-month plan which provides support and steps those within the payment ecosystem need to adopt to implement SCA.

Discussing the introduction of SCA, Jonathan Davidson, Executive Director for Supervision, covering Retail and Authorisations at the FCA, has said, “The FCA has been working with the industry to put in place stronger means of ensuring that anyone seeking to make payments is not a fraudster. While these measures will reduce fraud, we want to make sure that they won’t cause material disruption to consumers themselves; so we have agreed a phased plan for their timely introduction.”

 

The preparation timetable

So, given their lack of preparation, how does the payment market get ready for the roll-out of the ruling between now and the new deadline of March 2021?

The suggested industry solution is to use a one-time passcode (a possession factor) plus another factor (with knowledge factors, such as PINs, only as a fallback). According to the FCA, while the industry is still implementing this approach, the most important step is to start clear communication with consumers now. Retailers and banks should already be open and transparent with customers to minimise the risk of unexpected disruption to payments.

To provide this level of communication, retailers and suppliers need to educate themselves regarding the issues and requirements needed to ensure they are SCA compliant. The so-called ‘learning period for implementation’ runs up to March 2020, by which time the financial authority expect retailers to understand the regulatory requirements and have begun to take steps towards technological readiness.

By this point, merchants should be actively testing to ensure their solution will work correctly by the following year. Then by March 2021, the FCA expect to see operational readiness and a solid ‘issuer behavioural solution’ from all retailers and financial institutions, to meet the regulation deadline.

 

Biometrics: the long-term solution to secure payment authentication

While one-time passcodes are considered the interim solution, the FCA also outline that, in the long term, authentication through biometrics and mobile app-based solutions is the future of secure payments. Adopting biometric payment cards or using fingerprint readers on smartphones to authenticate online payments offers an important way for retailers to balance security measures that comply with the SCA regulation with ease of use for the consumer.

With smart fingerprint biometric payment cards, the user registers their fingerprint on the card at home through a portable enrolment device. Once the reference fingerprint is recorded, it never leaves the card so data cannot be hacked. The biometric bank card can then be used with existing payment infrastructures — including eCommerce, chip and PIN and contactless card readers — in the usual way. The sensor is positioned so that the consumer can simply hold and tap their card with their thumb or finger over the sensor, meaning that even post-SCA contactless payments can continue quickly and easily, without PINs or payment limits.

 

Dynamic verification

For online payments, biometric payment cards offer further possibilities to strengthen the security and SCA compliance for e-commerce retailers. The addition of a digital dynamic Card Verification Value (CVV) number on the front of the card would present a new code whenever the card owner’s fingerprint is presented on the card. This means that the traditional payment card would be transformed and consumers would be protected against both the theft of static card numbers for fraudulent online transactions and physical card theft.

The implementation of biometric fingerprint payment cards across the payments market would ensure that card issuers, payment providers, online retailers and in-store merchants can all meet the SCA requirements for online and contactless transactions.

Therefore, fingerprint biometric smart cards are a way of putting payment security firmly in the hands of the consumer in line with the SCA requirements. As the payment ecosystem works to meet these guidelines it should look towards this biometric innovation to provide secure authentication with the convenience that consumers expect and demand.

 

Fail to prepare, prepare to fail

During the delay, it is the responsibility of the payment ecosystem to ensure they understand the new regulations and implement methods to protect consumers from fraud. Security measures must be put in place to comply with the SCA requirements sooner, rather than later.

If the payment ecosystem fails to prepare, or comply with this new ruling, it will open consumers up to a significant threat of card fraud, whether from shopping online, or in store. Therefore it is imperative that card issuers, payment providers, online retailers and in-store merchants act now to prepare for the new regulation. Biometric fingerprint payment cards offer an opportunity for banks, retailers and merchants to embrace payment innovation that will help them meet these new secure forms of authentication with confidence and ease.

 


Business

THE EVOLVING TECHNOLOGY NEEDS OF THE FINANCE DEPARTMENT

Jennifer Sims, Senior Consultant at Xledger

 

The world of finance software is evolving quickly, but with many new software contenders entering the market it can be a minefield for organisations. Many finance teams are already using multiple accounting apps and software packages for bookkeeping, payroll and invoicing to service individual needs. Whilst it may work fine for now, this segregated approach isn’t sustainable for long-term growth. The world is swiftly moving to agile, automated ways of working. As a result, there is a growing need to choose suppliers that can fulfil multiple functionalities within the one platform.

Financial software is evolving at such a pace that it can be difficult to keep up. Changing up a finance solution is a big step and ease of migration can be a substantial factor in determining which solution provider to go with. But how do you choose a solution that will grow with your business and still offer something innovative in five or ten years down the line? The fear is always that non-techie organisations will end up falling behind, but in such a highly concentrated industry, how do you decide which solution would work best for you?

 

Cloud-first: the term that makes all the difference 

You could find a ‘cloud-based’ service with an application that comes with automated audit trails to make it easier to meet compliance and record-keeping obligations, for example. But for a solution to offer all of the many future benefits promised by the cloud, it needs to have been built specifically for a cloud environment from the outset – i.e. not an on-premise built system that has been later adapted. Cloud-first services (true cloud) were always intended to leverage economies of scale, cope with live updates, be accessible from anywhere with an internet connection, and to scale rapidly, to name just a few of the many benefits.

When we talk about innovation in financial technology, we’re not just talking about software that makes it easier for the financial controller to create reports. If eliminating reliance on Excel spreadsheets is the only tangible benefit you have to really shout about, you are missing out on the real deal. With ‘true’ cloud finance software the sky is the limit.

Finance and accounting technology needs to directly meet the needs of the finance function and support the wider business needs. When looking at accounting software platforms you’d be hard pressed to find one that doesn’t now promise ‘cloud-based’ enterprise resource planning (ERP) capabilities. The cloud is nothing new, but it’s the way that a solution harnesses this environment that makes a real difference. And here is where there is a need to read between the lines.

 

Automate more with true cloud 

Historically, repetitive and manual tasks are typical of the finance role – from invoice postings to expense claims handling – these can overwhelm the finance team. Research by Xledger[1] has found that an enormous 91% of CFOs and finance decision makers are carrying out at least one of these repetitive tasks as part of their job. What’s more, senior finance leads are averaging a whopping 25 hours per week carrying out repetitive and manual tasks, compared with 15 hours for other finance decision makers.

A modern, true cloud finance system can enable your business to automate repetitive tasks and provide one source of truth so that teams can make informed business decisions that will help to scale a business. Bank reconciliation, dashboard creation and reporting are just some of the tasks that can be handled automatically. These capabilities are aiding overtasked finance teams and saving hundreds or thousands of hours a year.

Whilst different companies are at different stages in their digital transformation, what is clear is that keeping up with the latest technology is fundamental to the future success of an organisation.

Xledger is a true cloud finance solution. The basics include invoicing, robust general ledger accounting, detailed slice and dice reporting, purchase orders, billing, VAT reporting, and cash and bank payments. It also adds process and structure to the enterprise with procurement and inventory, budgeting and forecasting, and project accounting. Users are always on the latest version of the software and with regulation more stringent than ever today, Xledger is ISO 27001 accredited.

Choosing the right provider for your financial ERP solution comes down to whether it has the fundamentals right. When hosting all of your vital data on the provider’s own servers, it should evidence a highly tested security process that comes with backup services as standard.

As our demand for technology capabilities grows and as ERP models progress, innovation will become the structure for growth – and there is no end to the possibilities.

 


Finance

HOW FINANCIAL ORGANIZATIONS CAN PROTECT THEIR DATA

Yuval Wollman, President, CyberProof and Chief Cyber Officer, UST

 

Top executives from Wall Street’s largest banks pinpointed cybersecurity as the greatest threat to America’s financial system, at a Congressional hearing that took place in May.

The concern of financial industry leaders with cyber-attacks is neither surprising nor new. The attraction of cybercriminals to banks and other financial institutions makes sense, given that the financial sector functions as a gatekeeper – not just of financial assets, but also of valuable personally identifiable information (PII).

Threat actors attack financial institutions for profit, using increasingly sophisticated attacks that range from ransomware to identity theft. But while the threat continues to grow, there is much that can be done to mitigate the risks.

 

The Downsides of Digital Banking

The number of attacks on financial institutions increased sharply in the last two years due to the upheavals wrought by COVID-19, which prompted a dramatic rise in the number of online transactions.

With so many of today’s financial transactions done on both web and mobile devices, threat actors have more opportunities than ever before. Take, for example, the growing importance of Man in the Middle (MITM) attacks, in which an attacker impersonates another party online and gains access to personal data, passwords, and banking details.

With the widespread adoption of digital banking, consumers have become increasingly worried about cyber-attacks. As a result, there’s growing demand to create better consumer protection laws that respond to the rapidly evolving technology. The U.S. Federal Trade Commission (FTC), for example, recently strengthened security safeguards for consumer financial information.

 

It’s Not “Just” About the Money

Financial organizations are at risk not just from threat actors looking for profit, but also from nation-states and hacktivists acting out of idealistic motives or as a means of achieving specific political ends.

The most famous examples of this type of attack include Russia’s 2016 attack on Ukraine’s electric grid and North Korea’s 2017 attack on Britain’s National Health Service.

Because of the extent of the damage that this type of attack could cause, NATO established cyberspace as the “fifth domain of warfare” in 2016. It developed a definition of when foreign factions are banned from attacking financial institutions, due to the fear that this type of attack could directly lead to a country’s destabilization.

 

Recognizing Risk Factors

The digital transformation of financial services helps banks and other financial institutions provide a more convenient customer experience.

And while significant customer demand has led many banks to implement changes such as the transition from legacy to cloud-based solutions, these shifts also have the potential to create additional security risks.

For example, if we’re talking specifically about cloud migration, there’s a need for additional security layers to protect organizations working with public cloud providers from the range of attacks targeting the financial sector: ransomware, account takeover, data theft and manipulation, phishing attacks, identity theft, and more.

Another example is the extensive use of third-party vendors, which has increased the risk of attack for organizations in the financial sector. Because third-party vendors enlarge the attack surface, they create more entry points to the system and make it harder to protect customer data.

 

Accelerating Detection & Response

By adopting an agile approach that supports continuous improvement, financial organizations can facilitate proactive identification of evolving threats and vulnerabilities in the wild. More specifically, by placing an emphasis on use case optimization – which starts by mapping out an organization’s threat detection gaps to a framework such as MITRE ATT&CK – enterprises can prioritize threats and invest their time and resources in mitigating risk more effectively.

For organizations transitioning to the cloud, what’s key is managing the migration process in a way that provides optimal visibility in the cloud and supports ongoing optimization at the enterprise level. Digital playbooks are a crucial tool in providing improved detection and response, creating automated or guided responses that allow faster, more effective, collaborative action.

The development and regular review of incident response plans similarly allows for efficient response in emergency situations and helps reduce the business impact of cyber-attacks.

 

Targeted Threat Intelligence

Threat intelligence that’s tailored to the financial services sector is another key component of timely detection and response. By working with expert Cyber Threat Intelligence (CTI) services, organizations can obtain up-to-date information about industry-specific threats in real time – information that is a highly valuable tool in strengthening the defense of an enterprise.

 

Cyber Hygiene

Employees make mistakes; after all, it’s only human. But these errors can lead to massive data breaches. For example, when someone clicks on a phishing email or leaves passwords for a company computer on a slip of paper that’s easily seen by the wrong person, the damage can be astronomical.

Providing regular cybersecurity training programs for employees can help minimize the risk of an accidental or careless action leading to a cyber-attack. To be effective, training programs should not only explain how to spot cybersecurity risks like phishing emails but should also discuss how and where it’s safe to access company information.

Aside from employee training, there are fundamental cybersecurity-related decisions that should be implemented at the enterprise level such as Zero Trust, DevSecOps, and multi-factor authentication (MFA). From a policy perspective, for example, it’s crucial to enforce MFA for all applications. Moreover, technology-related vulnerabilities can be minimized through frequent patching and updates for systems. Audits, as well as vulnerability and penetration tests, must be conducted regularly.

 

For the Financial Sector, “Best Practices” are Key

With the growth in number and complexity of cybersecurity attacks on financial organizations and the increased risk of nation-state attacks, proactively approaching the question of cybersecurity and implementing “best practices” makes the difference in reducing the degree of risk to an enterprise.

By modernizing the SOC with a carefully navigated migration to the cloud, adopting continuous improvement of use cases and the development of digital playbooks that improve detection and response – as well as by leveraging targeted threat intelligence and maintaining strong cyber hygiene – enterprises can put themselves in a stronger position to minimize the potential business impact of a cyber-attack on their organizations.

 
