As the Second Payment Services Directive (PSD2) starts to get implemented in national laws, customer authentication is going to become a more fundamental aspect of the payments process: it will be needed more frequently and will need to be more robust using multiple factors for re-authentication. As part of the process of transposing PSD2, the European Banking Authority issued a consultation on strong customer authentication, responses are due by 8 February 2016. This will determine the approach used across all member states, in addition to how each of them decides to implement the directive.
Authentication will also be required to support the open banking and payments APIs currently being investigated in the UK as a precursor to defining the third-party provider (TPP) interfaces to the banking system enshrined in PSD2.
Vendors and service providers will have to incorporate strong customer authentication at point of payment initiation for the vast majority of payments, value is likely to be the determining factor. With people needing to be authenticated every time a payment is made, providers will need to take care to strike a balance between strength of authentication and convenience. Solutions that can authenticate without introducing friction into the payments process will be needed and 2016 will be the year that technology companies determine their approach to this often complex issue.
It will also become necessary to separate (re-)authentication techniques from identity proofing and from identifiers. Approaches which separate the proof that an individual exists and the related confirmation that this is the customer presenting themselves from data about that person, including payment account information, will make it clearer how much confidence can be stated in a given identity. Whilst in the past it was good enough to make a binary decision – “it is, or is not, Joan Smith” – modern risk management requires us to be able to state how confident we are that an individual is who they claim to be and is connected to the data about them.
To do this we need more dynamic identity confirmation tools so that, if an identity is successfully obtained using a false passport, transactions attempted after the forgery has been discovered will be distrusted.
Identity will become an increasingly important part of our lives: 2016 promises to start defining the standards for how we trust each other, in real-life as well as banking and payments.
Our recent Payment Strategies Webinar was on selecting payment methods. If you would like to watch the recording please click here.
For more information on payments trends upcoming in 2016, why not visit our TOP 5 2016 Payments Trends article.