PSD2 “deadline” – use these 18 months to get compliant

With the “deadline” for the latest round of PSD2 compliance hitting tomorrow, Rene Hendrikse, EMEA VP of Mitek – the RegTech firm working with over 6,500 banks and FS firms – comments on what businesses need to know to ensure they can still win and retain customers in light of the new regulations.

As businesses will now have another 18 months before they need to be fully compliant, Rene advises on the solutions that exist, and are already being used by major banks worldwide, to ensure compliance, data security, and resistance to fraud.

He said: “Within the next 18 months, investing in the right technologies and implementing them quickly and efficiently should be top of the agenda for financial institutions, retailers, and online marketplaces alike, or they will find themselves in serious trouble.

“New PSD2 rules around Strong Customer Authentication (SCA) mean every customer will have to be authenticated by at least two of the following criteria: something they have, something they are, and something only they know. This requirement for stronger authentication will be necessary for many more online transactions than before. This could include an ID document, a biometric identifier, and a security question, introducing an additional layer of security to defend against the threat of fraud from online transactions. However, there is a huge challenge for organisations to implement this.

“The main issue is that the extra layer of security could make it harder for businesses to win and retain customers, due to the extra security hurdles required. This is where RegTech will be crucial – financial institutions and retailers will have to use innovative technologies to ensure compliance whilst minimising customer dropout.

“Technology such as digital identity verification that verifies a customer’s identity by comparing a selfie to a photo of an ID document can bridge this gap. Having to submit documents gives that extra level of security required for SCA compliance, while striking the vital balance between friction and security. Users can verify their identity using only a smartphone, whilst businesses can ensure secure and compliant services. Research from Experian actually shows that two-thirds of customers like having some security protocols in online transactions, as they are reassured that their identity and data are secure. A little bit of friction in the customer verification process goes a long way to ensure user trust.”