Six month until PSD2/SCA implementation: Mitek comment

Tomorrow, 14th March, the official implementation deadline for the European Payment Service Directive’s (PSD2) Strong Customer Authentication (SCA) requirement will be only 6 months away. Coming hot on the heels of open banking, it’s designed to make online transactions safer and stymie fraud. Yet, with massive opportunities come considerable implementation challenges.

Rene Hendrikse, EMEA MD of Mitek: “With open banking, consumers can now benefit from better deals, access to new products and services, and better control over their money. For businesses, it has enabled innovation and increased competition in a thriving marketplace. But there is also a dark side of opening up the world of banking – it becomes possible to not only defraud a consumer’s primary bank, but also their other chosen financial providers. As open banking takes off, the potential for fraud will grow exponentially.

“To tackle this, the regulator has introduced ramped up identity checks, with the addition of rules around ‘strong customer authentication’ (SCA) which come into force in six months’ time. Now is the time for banks to recognise the need to invest in fraud prevention technologies, to combat the increased threat of fraud in an open banking landscape. With SCA, banks will require every customer to be authenticated by at least two of the following criteria: something they have, something they are, and something only they know. This could include an ID document, a biometric identifier, and a security question, going beyond simply a card and a pin – as is the current standard. This introduces an additional layer of security to defend against the threat of fraud as open banking grows – but it also presents a challenge for organisations to implement in the next six months.

“Banks and FS firms must focus on putting the technology in place to be able to verify customer identities in line with PSD2. Regtech, technology that helps achieve regulatory compliance, will play a more important role than ever before as open banking grows. Investing in regtech means that financial institutions will be able to put more emphasis on stopping account opening fraud and monitoring for fraudulent activity.

“For example, identity verification technology handles the “are” and “have” of SCA, by verifying an ID document against a selfie. AI-driven anti-fraud technologies will also be crucial to monitoring for and stopping fraud when it occurs. Within the next six months, investing in the right technologies and implementing them quickly and efficiently should be top of every bank’s agenda.”