Banks face a dramatic increase in the number of cyber-attacks, the sophistication and complexity of those attacks, and the associated payment risks.
Fraudsters and hackers are constantly challenging the security measures put in place by banks to protect sensitive business data.
At the same time, consumers are using more and more innovative services that offer a seamless experience, and they expect banks to find the right balance between the level of security needed and reduced friction in the user journey.
Evaluating risk and adapting accordingly
European legislation, the revised Payment Services Directive (PSD2), requires that banks adopt security measures proportionate to the level of risk involved.
Payment service providers (PSPs) have an obligation to operate transaction and risk monitoring to assess, detect, and prevent risks linked to payments and any access to account operations.
- A payment service provider can bypass any strong customer authentication (SCA) requirements for those transactions identified as low risk.
- For those transactions that are deemed higher risk, for example because of a sudden change in location or abnormal spending, step-up authentication will be required.
By evaluating risk and adapting accordingly, banks can offer a targeted approach that strikes the right balance between security and user convenience.
Smart fraud protection based on risk
Thales Gemalto IdCloud Fraud Prevention
Looking to provide robust security to your banking and financial services while still maintaining an optimal end-user experience?
The risk management services of our Gemalto IdCloud platform provide a groundbreaking approach to proactive fraud prevention in online banking. The smart risk assessment enables banks to analyse online banking sessions in real time and select the most appropriate level of customer authentication for each individual transaction.
A risk-based authentication (RBA) approach is the winning combination of security and convenience in the new digital and open banking ecosystem.
And our Gemalto IdCloud Fraud Prevention is the perfect answer, with risk management services that meet the PSD2/RTS requirements in risk assessment.
It helps banks evaluate the actual risk of each transaction, so that additional authentication measures are activated only when necessary.
Powered by machine learning, customers' profiles and behaviour are analysed in real time across a range of attributes and signals, including geolocation, device profiling, IP address, device assessment, and behavioural biometrics.
Thanks to Gemalto IdCloud, banks can define a granular authentication policy based on customer segmentation, customer preferences, use cases, and their own parameters.
More resources on SCA and payment risk management
The new PSD2 directive is a fundamental piece of payment legislation in Europe. Learn how to get ready with Thales.
Strong Customer Authentication
Strong Customer Authentication, as defined in PSD2, means that transactions are authenticated using 2‑factor authentication or more.
Innovate with Open Banking API
By working more closely with third-party actors, financial institutions can better prepare themselves for market changes and proactively identify research and development areas.
Risk management and fraud prevention for an optimised digital banking experience
Add risk management to enhance onboarding and access to your digital banking services in compliance with PSD2.