People worldwide are increasingly conducting their banking operations online from a range of devices, including computers, tablets, and mobile phones.
Innovative banking services are flourishing, providing more reliable, convenient, and straightforward solutions.
And yet, the growth of online and mobile payments has also been accompanied by a dramatic increase in online fraud.
Banking customers expect convenience but are not willing to trade away security in the process.
According to a Thales poll, 44% of those surveyed would switch banks if their current bank was breached. The onus on protecting personal customer information is clearly on the bank.
OF CONSUMERS WOULD SWITCH BANKS IF THEIR CURRENT BANK WERE BREACHED
PSD2 compliance: Strong customer authentication
Banks around Europe are facing the challenge of implementing the revised Payment Services Directive (PSD2) and, in practice, its related Regulatory Technical Standards (RTS).
Banks should provide a more robust framework to offer the added security that consumers are seeking. The new European regulation mandates Strong Customer Authentication (SCA) procedures for online banking services and initiating and processing electronic payments.
Strong Customer Authentication, as defined in PSD2, means that transactions are authenticated using two or more of the following elements:
- Knowledge: something only the user knows (e.g., password, pin, ID number)
- Ownership: something only the user possesses (e.g., mobile device, token, smart card)
- Inherence: something only the user is (e.g., fingerprint, face, or voice recognition)
In the case of remote payments, PSD2 compliance also requires the creation of a dynamic link. This additional authentication element dynamically links the transaction amount and the account number of the payee.
Thales Mobile Solutions
Are you looking to provide added security to your banking and financial services? Our Gemalto Mobile Protector delivers state-of-the-art security to the mobile channel for a seamless user experience.
The software suite easily integrates into any mobile financial app to support the full set of strong customer authentication factors, including biometric methods such as fingerprint and facial recognition.
It shields your mobile banking app against attacks like key loggers, malware, reverse engineering application cloning, and phone theft.
The built-in messenger software also secures the mobile channel, the authentication elements, the transaction value, and the beneficiary.
Using it as an out-of-band authentication channel helps protect non-mobile transactions against attacks like phishing, man-in-the-middle, and man-in-the-browser.
Mobile security for PSD2/RTS
Considering the security requirements stated by PSD2 / RTS, our mobile solutions address all the needs expressed by EC and EBA, and may help banks to reach a high compliance level, especially:
- Having a secure storage environment separated from the processing environment
- Protecting data as confidential data are enciphered or not stored, Strong Customer Authentication is required to access them, and measures against data duplication exist.
- Securing communication thanks to ciphering, servers exchanging with mobile are authenticated and secure channel is provided and device binding.
All over the world, financial institutions trust Thales to leverage the mobile channel to deliver secure and convenient digital banking services to their customers.
The software suite is already used by more than 100 banks worldwide to secure their financial services in such areas as mobile banking, mobile wallet and payments, online banking, eCommerce, card management, P2P money transfers, and cardless ATMs, to name a few.
Our comprehensive Strong Customer Authentication offer to secure access to digital banking is also available as a service, as part of our Gemalto IdCloud platform.