Dr. Security gives tips and answers questions related to cyber security. This time it’s about PSD2.
Question
Dear Dr. Security,
Everyone is talking about PSD2. Being the Product Owner of Digital Services in my bank, lately I have been approached by a lot of colleagues and members of my team who asked me how we can become PSD2 compliant. I wonder if this is needed for a Swiss bank. We already integrated 3D Secure 2.0 a few years ago. Is it worth the effort if it is not obligatory for us? What are your thoughts on this?
(Roman, Zug)
Answer
Dear Roman,
I understand you are in a position that requires you to account for many different factors when making a decision. First, let me start with analyzing some problems that exist in your industry and why 3D Secure 2.0 and PSD2 have been designed and introduced. As you know, fraud is one of the biggest problems in the financial industry and it has been for quite some time. Following the early days of credit card skimming and cloning, and since the first days of online payments fraud has been a major concern for the whole industry. To address this concern different techniques have been introduced, like 3D Secure. With the increasing number of services and people that use online banking and payments, fraud cases have increased. Looking back at the last 10 years, we have a first report from MELANI (from 2010) which mentions fraud as one of the main problems, and today, 10 years later, and despite all the efforts and investments, the situation has not changed much: fraud remains a problem, as MELANI reported in 2020.
Fraud can happen in many ways. Among the most common ones, we have phishing emails asking for sensitive information, such as credit card data, or malicious websites where the user inputs the data. Sometimes the emails, the websites can be very familiar to the user, as they are generated from familiar email accounts, or mimic the look and feel of the banking website, respectively.
3D Secure 2.0 has been an important milestone for the security and user experience of online payments. The fact that you have integrated 3D Secure 2.0 means that you wanted to offer a seamless and frictionless experience to your users when they make online purchases and create as little dropouts as possible throughout a checkout process.
Similarly to what 3D Secure 2.0 brings to credit card payments, PSD2 brings to online banking transactions: it is a really important step towards an elevated security that does not compromise on the user experience. You can read more details on PSD2, SCA, and Dynamic Linking in this article. You and your bank already have the advantage of using 3D Secure 2.0 for your customers, so why not have the same advantages but at a larger scale, and offer the same security and experience not only on online payments based on credit cards, but on every transaction and sensitive action that your users perform?
PSD2 compliance does not have to be that complicated. Of course, there is an initial effort required, but a solution like the Futurae Authentication Platform will enable a quick and easy process, both for your team and, finally, for your users. The integration is fast and the resulting solution not only is PSD2-compliant but also extremely flexible for the confirmation of any sensitive operation like the change of an address, or the online ordering of a new debit card.
Best, your Doc
I am happy to answer your questions, so do not hesitate to write to the Doctor at: doctor@futurae.com.