PSD2 and GDPR, the catalyst for security and convenience convergence

December 21, 2017

Innovation and technology acceleration continue at a rapid pace, influencing consumers’ demands for a more digital lifestyle and raising the bar for organisations to meet and exceed those expectations while complying with draconian regulations.

Although the first impulse for fintech providers and financial institutions alike is to perceive regulation as a barrier to progress, new rules such as the Second European Payments Directive (PSD2) and the General Data Protection Regulation (GDPR) can bring as many opportunities as potential obstacles to fulfilling the digital-only imperative.

Take the PSD2, for example. The new directive sets up the framework for truly digital, safe, fast, and user-friendly payments. It also opens the door to a larger degree of disintermediation, which is generally perceived as a big win for consumers albeit yet another headache for financial institutions.

Aware of this dichotomy, regulators have given all regulated entities the benefit of the doubt, relying on their capacity to a) assess the implicit risk of remote transactions; and b) put in place sufficient means to mitigate that risk. Keeping customers’ funds and personal identities safe is paramount and the reviewed payments directive acknowledges it, setting very specific standards for secure electronic identity verification. From January 2018, the end user’s identity must be verified by two or more authentication factors classified as:

  • knowledge – something that only the user knows (such as a PIN or a password)
  • possession – something that only the user has (such as an identity document or a token)
  • inherence – something that only the user is (a biometric trait such as the user’s face, voice or fingerprint)

Leveraging digital identity verification to streamline PSD2’s Strong Customer Authentication

The good news is that the technology required to streamline the identity verification step of Strong Customer Authentication (SCA) is already here. At Mitek we offer a comprehensive identity verification solution which leverages the camera on mobile devices to combine ID document authentication and face comparison, instantly solving the identity proofing step. Leveraging the camera on mobile devices helps mitigate the risk of fraud and substantially improves the user experience. Furthermore, Mitek’s Mobile Verify® enables organisations to simultaneously meet two out of the three SCA requirements, seamlessly verifying in real time that the person they are dealing with is who they claim to be.

It’s hard to overstate how much of a game changer PSD2 will be for the financial industry, although it seems clear that in essence, PSD2 is all about ensuring security for consumers and businesses. 

GDPR, the ultimate driver for enhanced, more secure and delightful digital experiences

In the same vein, organisations and consumers are expected to benefit from another regulation entering into force later in 2018, the General Data Protection Regulation (GDPR). Although many argue that the GDPR will create more friction than better solutions, we think this new regulation will be a strong driver for enhanced, more secure and delightful digital experiences. GDPR will also increase both the frequency and severity of identity verification checks, most of which will be conducted digitally.

With virtually the entire European population able to request access to their personal information at one point or another, being able to verify the identity of the person requesting such access in a fast, easy, secure, and compliant manner won’t be a mere ‘nice-to-have’ but a ‘must-have’ for all regulated entities.

In other words, being able to flawlessly and securely confirm both the identity and the age of information requestors – minors as young as 12 will also be able to ask for access to their personal data – will definitely turn into a key competitive advantage. Smartphones’ ubiquity and advanced artificial intelligence will make it possible for consumers to verify their identities from anywhere, at any time.

As proven leaders in securely dealing with PII for global companies operating within heavily regulated sectors, we see incredible potential for those businesses which take the lead and offer better, more secure and compliant digital experiences.