New regulatory directives add to authentication challenge
There’s plenty of activity that needs to take place on the back end in order for customers to have a seamless authentication experience on the front, Gemalto senior vice-president for e-banking and e-commerce Håkan Nordfjell said.
Mr. Nordfjell leads the digital banking line and security initiatives for the software and technology provider that helps businesses and governments authenticate identities and protect data. He said it is an interesting time in the financial services industry as regulations like the EU’s PSD2 directive, which must be implemented in 2018, aim to make it easier for consumers to securely access financial services from a variety of providers, including fin-tech companies. Those fin-techs need access to client accounts in order to deliver their services, access banks have been reluctant to grant in the past.[caption id="attachment_82364" align="alignleft" width="201"] Håkan Nordfjell[/caption]
Gemalto helps secure transactions as the financial ecosystem accommodates new members, Mr. Nordfjell said.
“From our perspective on security, the issue is how you can make it more secure for people in Europe when they use a third party provider for financial services.”
When someone wants to use a third party service provider they need an authentication solution that is used by those third parties but which they ultimately verify. The authentication process can be cumbersome when you are dealing with service transfers between banks and third parties, Mr. Nordfjell conceded. Sometimes the process involves leaving the third party app and entering the bank’s technology. Other times the third party’s app is used and the information verified against the bank’s.
Gemalto simplifies the process by providing the technology that makes it easier for banks and third party providers to seamlessly communicate, Mr. Nordfjell explained.
“This means you should be able to use a third party app and whatever method you use to authenticate yourself.”
Either government can oversee all authentication to guarantee third party access or banks can design their own services that guarantee access.
“It’s a challenge for any country moving toward open banking with fin-techs coming into the world,” Mr. Nordfjell said. “How do you secure the application so those coming in have access that remains safe?
“We will see some discussions on a national level of how to regulate this.”
This raises several issues, including the challenge banks will have in accepting all possible authentication methods in use. Perhaps they work with fin-techs to accept a range of authentication methods.
“From a supplier point of view it is not easy when you need to support many kinds of authentication methods,” Mr. Nordfjell said. “Some countries are used to hardware, for example, while other ones new to online banking are most likely in on biometrics.”
Initiative such as the FIDO Alliance, which takes steps to enable an interoperable ecosystem of hardware, mobile and biometrics-based authenticators that can be used for many websites, are a good step, but they may not be enough to convince a bank sitting on a legacy solution they believe is working just fine, Mr. Nordfjell said.
Commerce providers are challenged to deliver a user experience that is both immediate and secure, Mr. Nordfjell explained. Any barrier results in lost revenue. Of all the security methods he has seen, Mr. Nordfjell said Dynamic Code Verification, which is a digital CVV number on your credit card, comes with one of the best user experiences.
“The customer is used to doing it, and when it is launched fraud goes down. With very little effort companies are able to reduce fraud. The cool part is you have it on your physical card so it makes it easy to launch a wallet.”
Mr. Nordfjell said he is watching blockchain technology, and one use case that could quickly develop is KYC services. If a bank wants to onboard a user they can use the ledgers to prove identity. Once verified it makes it easier for the second bank to onboard the same client.
“From an AML perspective that can be an important part,” Mr. Nordfjell said.