People around the world are increasingly conducting their banking operations online from a range of devices, including computers, tablets and mobile phones.
Innovative banking services are flourishing, providing more reliable, convenient and straightforward solutions.
And yet, the growth of online and mobile payments has also been accompanied by dramatic growth of Internet fraud.
Banking customers expect convenience but are not willing to trade away security in the process. According to a recent Thales poll, 44% of those surveyed would switch banks if their current bank was breached. The onus on protecting personal customer information is clearly on the bank.
OF CONSUMERS WOULD SWITCH BANKS IF THEIR CURRENT BANK WERE BREACHED
PSD2 compliance: Strong customer authentication
Banks around Europe are facing the challenge of implementing the revised Payment Services Directive (PSD2) and, in practice, its related Regulatory Technical Standards (RTS).
Banks should provide a more robust framework to offer the added security that consumers are seeking. The new European regulation mandates Strong Customer Authentication (SCA) procedures for online banking services and for initiating and processing electronic payments.
Strong Customer Authentication, as defined in PSD2, means that transactions are authenticated using two or more of the following elements:
- Knowledge: something only the user knows (e.g. password, pin, ID number)
- Ownership: something only the user possesses (e.g. mobile device, token, smart card)
- Inherence: something only the user is (e.g. fingerprint, face or voice recognition)
In the case of remote payments, PSD2 compliance also requires the creation of a dynamic link. This additional authentication element dynamically links the transaction amount and the account number of the payee.
Thales Mobile Solutions
Are you looking to provide added security to your banking and financial services? The Thales Gemalto Mobile Authentication Suite delivers state-of-the-art security to the mobile channel for seamless user experience.
The software suite easily integrates into any mobile financial app to support the full set of strong customer authentication factors, including biometric methods such as fingerprint and facial recognition.
It also shields your mobile banking app against attacks like key loggers, malware, reverse engineering application cloning and phone theft. The built-in messenger software also secures the mobile channel, the authentication elements, the transaction value and beneficiary.
Using it as an out-of-band authentication channel helps protect non-mobile transactions against attacks like phishing, man-in-the-middle and man-in-the-browser.
Considering the security requirements stated by PSD2 / RTS, we may assess that our Mobile solutions address all the needs expressed by EC and EBA, and may help banks to reach a high compliance level, especially:
- Having a secure storage environment separated from the processing environment
- Protecting data as confidential data are enciphered or not stored, Strong Customer Authentication is required to access them, and measures against data duplication exist.
- Securing communication thanks to ciphering, servers exchanging with mobile are authenticated and secure channel is provided as well as device binding.
All over the world, financial institutions trust Thales to leverage the mobile channel to deliver secure and convenient digital banking services to their customers. The software suite is already used by more than 40 banks across the world to secure their financial services in such areas as mobile banking, mobile wallet and payments, online banking, e-commerce, card management, P2P money transfers and cardless ATMs to name a few!