How Does Strong Customer Authentication Help Banks Fight Against Fraud?
Today, consumers rely on mobile and online transactions to manage their bank accounts, sign up for mortgages and pay bills. This convenience has a dark side: fraud and phishing are on the rise. But things are about to change, driven by regulatory compliance.
Has your bank introduced a new way to login to your online or mobile banking in recent weeks? Or suddenly, you’ve started inputting your pin a lot more regularly when making payments in stores? This is all thanks to one thing: Strong Customer Authentication (SCA).
Designed primarily to protect consumers, SCA was introduced as part of the second Payment Services Directive (PSD2), and is beginning its supervisory rollout by enforcing compliance of online banking providers next month. At its heart, SCA is designed to provide a greater safety layer against online fraud, and is now more necessary than ever.
In the first half of 2019, criminals stole 40% more than in the same period in 2018 through bank transfer scams. Fraud losses on cards totalled to £313 million. Encouragingly, almost £500 million of card fraud was stopped by banks and card companies – and only three per cent came from contactless payments. However, for an industry built on trust and security, these small bright spots aren’t enough.
Have. Are. Know.
So how does SCA protect against the rise of online fraud? In certain, more high-risk transactions, customers will have to authenticate themselves using at least two of the following criteria: something they have, something they are, and something only they know.
What you are could be your fingerprint, or a selfie – something that biometrically identifies you as you. Something you have could be a credit card, card reader or an ID document. Something you know could be your PIN, a security question, or a One Time Passcode (OTP) generated by your bank and sent to your phone.
All of these are currently used to authenticate you: fingerprints for Apple Pay, card details for online payments, or OTPs for new bank transactions, for example. But it’s the combination of at least two that is bolstering transactions against the threat of fraud.
How will online transactions change?
In the pursuit of reduced fraud, banks are falling back on failsafe fraud-proofers to authenticate customers for online transactions. Some customers have been prompted to dust off their trusty card readers to login to online banking, while the majority of banks are putting more emphasis on using mobile banking apps – where accessing the app via fingerprint or facial recognition will be supplemented by an OTP sent to your phone.
We know that customers expect stronger security layers when banking and making online purchases. They are also more willing to share their digital identity information with banks than any other institution, including government entities. But could such stringent authentication prove too much for some?
Some of the steps banks are taking to comply with SCA may be seen more as a nuisance than necessary anti-fraud measures. This could be attempting to get a strong mobile signal when logging into your banking app, or needing your card reader to hand every time you want to transfer to a new payee. It’s likely to be those customers who crave seamless in-app experiences who could be more disgruntled than most. But SCA should, at its core, also help banks cater to digital-savvy customers.
Making SCA a reality
Having every part of the authentication process happen within one app is key to delivering a quick and simple experience. Rather than being limited to fingerprints and facial recognition – or sci-fi style retina scans – authenticating what someone “is” can be as simple as a photo or video taken on your phone’s camera.
There are two ways this may take shape. The first starts long before a specific transaction is attempted, at the point when a customer is first being onboarded. Banks already use identity verification technology to verify a photo of a new customer against their ID document – to ensure compliance with Know Your Customer regulations. Thanks to this, they can keep the ID document on file, and ask for a new photo to verify against it whenever a transaction prompts SCA authentication. This covers off the ‘what you are’ and ‘what you have’ within one app, and within a short space of time.
The second could be used for larger, more high-risk transactions, where the whole identity verification process happens at the time of the transaction. For customers transferring large amounts of money to a new payee, the process of taking a selfie and a picture of your drivers’ licence is an extra step worth taking – after all, two-thirds (66%) of consumers say that they appreciate security “hurdles” because it makes them feel better-protected.
The new fraud frontier
For banks themselves, verifying that a customer is who they say they are with every high-risk transaction would be a major step forward in the fight against fraud. But it requires proactive action, and investment in the technology that makes this possible, is crucial.
While the time for banks to make this investment is almost up, retailers and card and payments providers still have until March 2021 to decide which technologies will work best.
It is critical that banks keep consumers’ needs top of mind in order to get their buy-in. Only with their adoption can banks make a giant stride in stopping fraud in its tracks.
Source: Taken from this article.