Strong customer authentication and digital identity

Strong Customer Authentication (SCA) lies at the heart of the Payment Services Directive (PSD2) that came into effect in September 2019. Banks are required to provide a more robust framework for their online banking and electronic payment services to ensure added security for customers, and to comply with the Fifth Anti-Money Laundering Directive.

Banking facilities have been increasingly moving online to keep pace with consumer demand, heightened further by the Covid-19 pandemic.

For banks, it has become essential to keep up to speed with the customer and repeatedly verify their identity in a fast-paced digital world. 

Inevitably, the additional authentication now required will create extra friction during the customer journey, and banks need to overcome some of the barriers and risks that currently hinder their verification processes.

For example, many banks rely on authentication systems such as text messages which are open to interception and are vulnerable to security attacks. These systems were not designed to be used as a part of secure customer authentication and instead have been retro-fitted to form a part of the customer journey. 

When banking methods and technology aren’t aligned - such as in this example - it creates pockets of risk that SCA was designed to mitigate. It also means that some banks have had to overhaul their IT infrastructure completely to replace legacy systems and bring them in line with the digital age.

"Banks that are slow to adopt digital practices could be left behind - it's essential to keep pace with the new wave of authentication and user experience."

The essential component to improving the customer journey and mitigating risk at the same time is the source of trusted identity that customers use for all their banking activities. This once again brings the debate for a national digital ID scheme to the fore.

A digital ID scheme has significant potential to deliver in two key areas – security and simplicity. 

Combining a public (credit, ID&V etc.) and private (biometrics, device etc.) profile would create one unique digital ID for an individual. Financial organisations could use this to verify an individual either in person or by sharing select parts of a digital profile through a secure transfer mechanism.

For a digital ID scheme to work it needs to be easy to authenticate and be trusted by consumers.

According to a survey by nCipher Security, consumers trust banks more than any other organisation when it comes to data privacy and security [1]. This suggests that if a digital ID scheme is to be implemented, it needs to be driven by the private sector to reflect consumer confidence and ensure adoption on a national scale.

PSD2 and SCA provided a great opportunity for the financial services sector to work together and begin to create a national digital identity. It is inevitable that a digital ID scheme will happen anyway and the data suggests that banks are best placed to create a scheme that provides positive customer experiences whilst ensuring data privacy and security standards are upheld.

The alternative is ominous. Customers are already using versions of digital ID to verify their Apple and Facebook accounts and the transition to a digital ID scheme to benefit the customer is already happening. The question remains – where are consumers going to place their trust?

 

References

1. https://www.nciphersecurity.co.uk/about-us/newsroom/news-releases/ncipher-survey-reveals-americans-trust-banks-most-their-personal
