The pandemic drove massive digitisation across the globe, with the CEO of Microsoft remarking that they saw two years of digital transformation take place in two months. While this last year challenged organizations to rethink their digital appetite and become fearless in adopting new technologies, the rush to digitise also left gaping holes in how we protect our digital infrastructure.
For the financial services industry, regulations such as PSD2 were designed for this day. With its goal of protecting the integrity of online payments, PSD2 has helped drive innovation by encouraging the development and use of new online and mobile payments, which became essential during the last year of lockdowns. However, questions lingered about how behavioural technology could be used to address the Strong Customer Authentication (SCA) requirements set forth in the regulation while preserving both privacy and customer experience.
BioCatch applauds the recently released guidance from the UK Information Commissioner’s Office (ICO) on the need for user consent related to data collection as it pertains to the use of behavioural biometrics as an inherence factor for SCA under PSD2. The ICO response clarifies that consent is not necessarily required in connection with using behavioural biometrics as an inherence factor for SCA under PSD2. This clears the way for UK banks and payment providers to complete individual data privacy assessments in using behavioural biometrics for PSD2 compliance.
The ICO’s clarification enables UK-based financial institutions to confidently embrace behavioural biometrics technology on their journey to SCA compliance. It also creates a path for financial institutions and solution providers to work together, using cutting-edge behavioural technology to create a safe and trusted environment for consumers to transact digitally.
In addition, the Financial Conduct Authority (FCA) has extended the deadline for PSD2 SCA compliance until March 2022 in order to allow banks and payment providers appropriate time to deploy the best solution that aligns their payment fraud strategy to digital business goals.
So what’s next? As banks in the UK continue on their journey to achieve PSD2 compliance, it will also be important to consider long-term business requirements, specifically the need to meet customers’ demands for a frictionless digital experience. In a recent webinar, global payments advisor Neira Jones explained that industry players are in a battle to remain competitive. Driven by both regulation and rapid digital transformation, Jones noted, “Organizations have to remain relevant and valued and user-friendly.” Holding up a mobile device, Jones continued, “If we look at the technology landscape, more or less everyone is on this, and on this, you have to compete with a very small space of real estate on that machine. If people don’t trust it or don’t like it, then it will soon disappear and something else will take its place.”
As financial institutions look to expand and grow their digital presence, customer experience will likely remain at the heart of every investment. In a recent report, How to Build a Payment Fraud Strategy at the Organizational Level, Gartner acknowledged how tools, such as behavioural biometrics, will be critical to meeting customer experience demands.
Speaking alongside Jones, BioCatch’s Head of Cyber Strategy, Iain Swaine, summed it up perfectly, “It is good that the SCA requirements were written in a way to allow things to become relatively friction-free.”