David Orme, Senior Vice President at IDEX Biometrics ASA
In August 2019, the Financial Conduct Authority (FCA) announced an 18-month delay to the enforcement of the new Strong Customer Authentication (SCA) rulings under the second Payment Service Directive (PSD2). The rulings were originally introduced to enhance the security of payments and limit fraud during the customer authentication process for online and in-person contactless payments.
Online, or card-not-present (CNP) transactions, and contactless payments are two of the main routes to card fraud. Because of the lack of a PIN or authentication method, these forms of payment present a specific challenge for retailers to verify the actual cardholder and validate their payment effectively. The introduction of SCA aims to reduce high levels of online and payment fraud caused by this process, all while enhancing consumer rights.
For merchants in the European Economic Area, the SCA ruling means they must now require two methods of authentication for CNP transactions. This means when a retailer takes a payment without the card being physically present, such as for an eCommerce transaction. When the directive is enforced in March 2021, two of the below three authentication methods must be used to confirm a CNP transaction:
- Something you know – such as a PIN or password
- Something you have – possession of the card or a bank-issued card reader and one-time PIN
- Something you are – biometric data
The additional authentication process also applies for some contactless payments, with shoppers having to enter a PIN for every fifth transaction, or after a certain spending limit has been reached, currently considered to be £100.
Why the delay?
The SCA ruling will affect the whole payment market, including card issuers, payment providers, online retailers, in-store merchants and consumers. However, the European Banking Authority (EBA) this summer noted a significant lack of preparedness for the regulation among the payments industry and retailers, which is likely to have a significant impact on consumers.
The extension to the deadline is intended to give the industry time to prepare for the roll out of the directive. To address the industry’s lack of readiness, the FCA has created an 18-month plan which provides support and steps those within the payment ecosystem need to adopt to implement SCA.
Discussing the introduction of SCA, Jonathan Davidson, Executive Director for Supervision, covering Retail and Authorisations at the FCA, has said, “The FCA has been working with the industry to put in place stronger means of ensuring that anyone seeking to make payments is not a fraudster. While these measures will reduce fraud, we want to make sure that they won’t cause material disruption to consumers themselves; so we have agreed a phased plan for their timely introduction.”
The preparation timetable
So, given their lack of preparation, how does the payment market get ready for the roll-out of the ruling between now and the new deadline of March 2021?
The suggested industry solution is to use a one-time passcode (a possession factor) plus another factor (with knowledge, such as PINs only as fallback). According to the FCA, while the industry is still implementing this approach, the most important step is to start clear communication with consumers now. Retailers and banks should already be open and transparent with customers to minimise the risk of unexpected disruption to payments.
To provide this level of communication, retailers and suppliers need to educate themselves regarding the issues and requirements needed to ensure they are SCA compliant. The so-called ‘learning period for implementation’ runs up to March 2020, by which time the financial authority expect retailers to understand the regulatory requirements and have begun to take steps towards technological readiness.
By this point, merchants should be actively testing to ensure their solution will work correctly by the following year. Then by March 2021, the FCA expect to see operational readiness and a solid ‘issuer behavioural solution’ from all retailers and financial institutions, to meet the regulation deadline.
Biometrics: the long-term solution to secure payment authentication
While one-time passcodes are considered the interim solution, the FCA also outline that long-term, authentication through biometrics and mobile app-based solutions is the future of secure payments. Adopting biometric payment cards or using fingerprint readers on smartphones to authenticate online payments offers an important way for retailers to balance security measures that comply with the SCA regulation with ease-of use for the consumer.
Following smart fingerprint biometric payment cards, the user registers their fingerprint on the card at home through a portable enrolment device. Once the reference fingerprint is recorded, it never leaves the card so data cannot be hacked. The biometric bank card can then be used with existing payment infrastructures — including eCommerce, chip and PIN and contactless card readers — in the usual way. The sensor is placed in such a position to make it easy for the consumer to simply hold and tap their card with their thumb or finger over the sensor, meaning that even post-SCA contactless payments can continue quickly and easily, without PINs or payment limits.
For online payments, biometric payment cards offer further possibilities to strengthen the security and SCA compliance for e-commerce retailers. The addition of a digital dynamic Card Verification Value (CVV) number on the front of the card would present a new code whenever the card owner’s fingerprint is presented on the card. This means that the traditional payment card would be transformed and consumers would be protected against both the theft of static card numbers for fraudulent online transactions and physical card theft.
The implementation of biometric fingerprint payment cards across the payments market would ensure that card issuers, payment providers, online retailers, in-store merchants can all meet the SCA requirements for online and contactless transactions.
Therefore, fingerprint biometric smart cards are a way of putting payment security firmly in the hands of the consumer in line with the SCA requirements. As the payment ecosystem works to meet these guidelines it should look towards this biometric innovation to provide secure authentication with the convenience that consumers expect and demand.
Fail to prepare, prepare to fail
During the delay, it is the responsibility of the payment ecosystem to ensure they understand the new regulations and implement methods to protect consumers from fraud. Security measures must be put in place to comply with the SCA requirements sooner, rather than later.
If the payment ecosystem fails to prepare, or comply with this new ruling, it will open consumers up to a significant threat of card fraud, whether from shopping online, or in store. Therefore it is imperative that card issuers, payment providers, online retailers and in-store merchants act now to prepare for the new regulation. Biometric fingerprint payment cards offer an opportunity for banks, retailers and merchants to embrace payment innovation that will help them meet these new secure forms of authentication with confidence and ease.
HOW FINANCIAL SERVICES CAN GET TO GRIPS WITH RISING SUPPLY CHAIN RISK
By Alex Saric, smart procurement expert, Ivalua
UK businesses have never been more dependent on their suppliers to help them deliver goods and services to their customers. Be it retail, manufacturing or financial services, suppliers have a vital role to play when it comes to innovation and meeting customer expectations. However, as supply chains become increasingly global, businesses are potentially exposing themselves to more risk than ever before.
This is especially true in financial services. Whether it’s the impact of geopolitical events like Brexit or global tariff wars, supply shortages, security or the businesses impact on the environment, an organisation’s failure to identify and mitigate risk could see millions wiped off its share price, and its corporate reputation left in tatters. Risk can present itself anywhere and at any time, so financial services firms must be ready to address it. However, many simply don’t have the ability to evaluate suppliers for risk factors, leaving them wide open to business operations being hindered, or being slapped with financial penalties.
More suppliers, increasing risk
One reason why financial services firms aren’t able to evaluate suppliers is the breadth and scale of today’s supply chains. For example, French oil company Total said in in a recent human rights briefing paper that they work with over 150,000 direct suppliers worldwide. This is just one example of how large and varied the roster of partners has become. Research from Ivalua has found that financial services businesses on average are working with around 3,600 suppliers annually, which is evenly split between UK-based and international partners. That number is expected to rise, with 60% expecting the number of suppliers they work with to rise.
The expanding nature of suppliers is only going to expose financial services firms to more potential risk than ever before, yet 78% say they face challenges gaining complete visibility into suppliers and their activities.
A lack of supplier visibility leaves businesses unable to identify and mitigate against supply chain risk. In fact, almost three-quarters (73%) of financial services firms have experienced some type of risk during the last 12 months. These include; supplier failure (43%), environmental impact, such as pollution or waste (35%) and supply shortages (45%). Supply shortages can be among the most damaging to a business, as seen by both the KFC chicken shortage which closed stores, and the summer 2018 CO2 shortage which caused companies such as Heineken and Coca-Cola to pause production, impacting supply across Europe during the World Cup.
Businesses unprepared for the worst
One way financial services firms can better prepare for risk is to ensure they know what to plan for to reduce the impact. However, whilst some say they have a contingency plan in place to deal with risk, many of them are unprepared. Financial services firms admitted to not having comprehensive and deployed contingency plans in place to prepare the supply chain for risk such as; natural disasters (68%), supply shortages (67%), geopolitical changes (65%), environmental impact (63%), supplier failure (62%) and modern slavery (50%).
In order to effectively prepare for these types of risks, it’s vital that financial services businesses fully understand their suppliers, their business environment, global variations in regulations, geopolitics, and a host of other factors. But for many, there are multiple challenges when it comes to gaining this understanding. A prevailing factor is an inability to gain visibility into all suppliers and activity because supplier management data is stored in multiple locations and formats, making insights difficult to access. This leaves teams unable to review supplier activity and assess compliance.
Making supplier management smarter
It’s imperative that financial services businesses are able to respond or prepare for supply chain risk. Clearly, much more needs to be done to ensure they have complete visibility of suppliers, especially in an era where regulators can levy heavy fines for GDPR breaches and scandals spread in minutes over social media. These types of risks can be reduced in the future if procurement teams have a 360-degree view of suppliers which will help with contingency planning and risk management.
For example, in the instance of supply shortages, plans could be put in place that identify alternative suppliers to ensure any shortages do not impact end users. This type of supplier collaboration is paramount when it comes to managing and mitigating against supplier shortages. When it comes to regulations, financial services firms can’t allow a lack of visibility to limit their ability to ensure all suppliers are compliant.
To do this, teams must take a smarter approach to procurement that gives complete visibility into suppliers throughout the supply chain. This will allow financial services firms to identify and plan for risk, reducing the potential damage, and ensuring they are working with and awarding business to low-risk suppliers. Supply chain risk is rapidly becoming an overarching concern for financial services firms, but by providing the ability to assess suppliers, they will have all the insights they need to mitigate the impact on business operations.
ISO 20022 – THE BEDROCK FOR PAYMENTS TRANSFORMATION
Lauren Jones, Global Payments Ambassador, Icon Solutions
The financial services industry has seen ISO 20022 grow firmly over the last 15 years. What was then a small pocket of countries tackling migration has now become widespread adoption for domestic and international payments.
And with momentum building, it is clear that IS0 20022 is playing a foundational role for banks in the transformation of their infrastructures, with the rich messaging format delivering business benefits and enabling enhanced customer propositions.
The time is now for ISO 20022
European initiatives, such as SEPA, were the first to drive usage, but have since catalysed a network effect in other countries. Recent examples driving adoption include the New Payments Platform in Australia and the Bank of England’s Real-Time Gross Settlement (RTGS) service doing the same in the UK.
Despite the timeline delay, the SWIFT migration to ISO 20022 for cross-border payments will drive further adoption and it is clear to see why. As the world becomes more connected, having a globally interoperable standard is attractive. ISO 20022 allows banks to have a consistent experience across geographies and provides a low-risk approach to modernisation.
In the US things are moving as well. With the country’s most important payments market infrastructures, the Fedwire and The Clearing House Interbank RTP system, migrating their High Value Payment (HVP) systems almost concurrently, widespread ISO 20022 has reached a tipping point.
For US banks this means it is important to understand that ISO 2022 is no longer happening “somewhere else”. Banks dealing with the modernisation of infrastructure need to decide what will become the bedrock of their transformation efforts. ISO 20022 seems to be the only sensible choice.
ISO 20022 in practice
While banks in the US and across the world grapple with ISO 20022, it is crucial that they engage internal and external stakeholders early on in their journey to define their strategy. Resources should also be pulled from all areas of a bank, including technology, operations, AML, product and sales.
Implementation is not just a technical issue. Governance, sequencing and coordinating activities are all vital for success. Banks need to lay a foundation where legacy systems are ringfenced, but it is equally important for them to understand how to move rich data through or around legacy infrastructure as early as possible.
Deciding what to do with legacy systems is a challenge for many financial institutions. Therefore it can be useful to deploy mapping or translation services in the early stages of adoption. In fact, many market infrastructure ISO 20022 programs include a phased approach where there is a like-for-like phase (where no new functionality is used), allowing adopters to become familiar with the new standard.
This is often followed by multi-year adoption of new functionality and gradual decommissioning of legacy formats. However, mapping should not be viewed as a longer-term solution. To harness the full value of ISO 20022, supporting the standardisation natively allows banks to build from the ground up. This creates a modern data model where both internal efficiency and external value can be realised.
ISO 20022 is the way to deliver added value
One of the major drivers for ISO 20022 adoption is to remain competitive. By implementing a common standard banks can have a platform to innovate at pace and with lower costs.
Many banks now see ISO 20022 as a critical foundational element to deliver value to their corporate clients. But the benefits of ISO 20022 are not solely external. Increasingly, APIs are being used to support both deep integration within the bank and with a broad spectrum of fintech partners. ISO 20022 allows the capability of having a single data model across various computer languages and therefore across multiple use cases.
With a shift towards data-driven architecture, ISO 20022 allows banks to generate greater amounts of standardised data to provide targeted insight. The move to ISO 20022 will therefore be of paramount importance for banks to take advantage of richer, standardised data sets. With more payment volumes set to adopt ISO 20022 by 2025, the discussion is moving on from the standard simply serving transactional needs to the data that can be extracted from these transactions.
Prioritising payments transformation
In other words, over the next few years we will see payments being refocused from a commoditised proposition to a strategic, value-adding one. Yet being “data-aware” is not good enough. Banks need to be powered by that data. As cutting costs is no longer enough to sustain banks, they must use payments data to deliver more appealing propositions and revenue-boosting, value-added services.
As the adoption of ISO 20022 remains fragmented in the US for the time being, many banks will continue to question how best to take advantage of the standard. However, it should be evident that ISO 20022 is coming and the time to prepare is now.
ENTERPRISE BLOCKCHAIN: DRAGGING INSURANCE OUT OF THE DARK AGES
Ryan Rugg, Global Head of The Industry Business Unit at R3 The history of insurance traces back to the development...
DISPELLING BIOMETRIC MYTHS AND MISCONCEPTIONS
By Lina Andolf-Orup, Head of Marketing at Fingerprints Gangsters cutting off enemies’ fingers to access secret locations and spies lifting...
FUTURE FX PROMO
FOUR WAYS OPEN BANKING AND AI WILL REVOLUTIONISE ACCOUNTANCY
Ed Molyneux, CEO and co-founder of cloud accounting software company, FreeAgent It’s been just over two years since the...
HOW FINANCIAL SERVICES CAN GET TO GRIPS WITH RISING SUPPLY CHAIN RISK
By Alex Saric, smart procurement expert, Ivalua UK businesses have never been more dependent on their suppliers to help...
TWO TO TANGO? MARKET DATA AND OPINIONS IN INVESTMENT MANAGEMENT
Sebastien Lleo is Associate Professor of Finance at NEOMA Business School (France) Analyst views and expert opinions matter. They...
AN ULTIMATE GUIDE TO TURNING YOUR EARLY RETIREMENT DREAM INTO A REALITY
Rick Pendykoski is the owner of Self Directed Retirement Plans LLC, a retirement planning firm based in Goodyear, AZ. ...
WHAT EVOLUTIONARY AI MEANS FOR FINANCIAL SERVICES
by Babak Hodjat, VP of Evolutionary AI at Cognizant Many banks and other financial services institutions (FIs) are beginning...
HARNESSING ANALYTICS IN THE FIGHT AGAINST FRAUD
By Anna Lykourina, EMEA Fraud Analytics Expert at SAS In the past, the fight against fraud has been a...
ERSTE BANK HUNGARY IMPROVES AND SECURES THE REMOTE BANKING EXPERIENCE WITH ONESPAN MOBILE SECURITY
Leading Hungarian bank deploys OneSpan’s Mobile Security Suite to one million customers to make mobile banking convenient while fighting fraud...
HOW WILL LENDERS TREAT THE FINANCIAL SYMPTOMS OF COVID19?
COULD the coronavirus pandemic spark a financial crisis similar to that which was seen in 2008? Tim Kirby, Group Commercial...
ISO 20022 – THE BEDROCK FOR PAYMENTS TRANSFORMATION
Lauren Jones, Global Payments Ambassador, Icon Solutions The financial services industry has seen ISO 20022 grow firmly over the...
2020 VISION: TRANSFORMING THE LEGAL DOCUMENTATION LANDSCAPE THROUGH STRUCTURED DATA
Jason Pugh, Managing Director, D2 Legal Technology The derivatives industry has been transformed by the proactive engagement of its...
WHY LANDLORDS SHOULD MAKE THE MOVE TO THE ALTERNATIVE PROPERTY INVESTMENT SECTOR IN 2020
Reece Mennie, CEO of leading UK investment introducing firm, Hunter Jones The new decade is expected to bring with...
PROTECTING YOURSELF AGAINST LOSS OF FUTURE INCOME IN A RECESSION
By Gerard Visser, Financial Planning Consultant at Alexander Forbes Financial Planning Consultants. With low GDP growth, credit ratings downgrades and the COVID-19 pandemic,...
MOBEY FORUM TO ADDRESS DATA PRIVACY AND INNOVATION IN THE AGE OF AI WITH NEW EXPERT GROUP
Mobey Forum, the global industry association empowering banks and financial institutions (FIs) to shape the future of digital financial services, today announces...
HOW TO MANAGE YOUR SMALL BUSINESS’S FINANCES
There are a lot of fantastic business ideas that end up failing during the early years. Why? A lack of...
THE EVOLUTION OF THE TECH CFO
Gavin Fallon,General Manager, UK, Nordics & South Africa Board International Chief Financial Officers (CFOs) have traditionally been seen as...
IS FRAUD PREVENTION CONVERGING WITH REGULATORY COMPLIANCE?
By Manuel Rodriguez, Fraud Solutions Manager at SAS Several relevant reports show how the world of fraud and financial crimes is mutable...