As digital banking and mobile commerce continue to grow, financial institutions face increasing pressure to strengthen customer authentication while maintaining a seamless user experience. Regulatory initiatives such as Europe’s Strong Customer Authentication (SCA) requirements under PSD2 highlighted the need for more secure methods of verifying user identities. Yet many organizations have been slow to move beyond outdated security tools like one-time passwords (OTPs), despite longstanding concerns about their effectiveness. Biometric authentication offers a more secure and convenient alternative, enabling financial institutions to protect customers across mobile, online, and other banking channels through a unified authentication strategy.
The above title is a modified quote attributed to Jason Tooley, chief revenue officer at Veridium. As a supplier, Veridium has a vested interest in Two-Factor Authentication (2FA) technology, but his quote is still accurate.
This article from Information Age is also spot on, indicating that the focus should be on smartphone biometrics. Mercator Advisory Group pointed this out twice in January 2017 (reports are available here and here) then again in May 2017 (available here), and yet most banks haven’t implemented biometrics across all of their channels. Even worse, many have only recently implemented One-Time Passwords which were identified as a failed security method back in 2016 and deprecated by the National Institute of Standards and Technology (NIST).
It is time to wake up and protect your customers using a consolidated 2FA biometric implementation. Here’s more from the Information Age article:
“Companies processing contactless payments will need to meet the conditions by the 14th March 2020. This would include ensuring that all appropriate systems and controls are in place.
Additionally, this date marks a six-month delay for the deadline in order to usher in an adjustment period for third-party providers (TPP) to begin only accessing Account Servicing Payment Service Providers (ASPSPs) via application providing interfaces (APIs).
However, until security of consumer data is tightened up as much as possible with the aid of the SCA initiative, it could still hang in the balance.
Jason Tooley, chief revenue officer at Veridium, shed some light on the importance of Strong Customer Authentication when it comes to the security of consumer data.
“A failure to implement Strong Customer Authentication demonstrates a disregard for consumer protection,” he said. “The ever-rising fraud levels are linked to the consumer preference of mobile e-commerce, and regulation must keep pace.
“Now that businesses have had an extended period of six months, in addition to the two years since the initial announcement, there is no excuse to not be compliant.“Strong Customer Authentication should have been prioritised long ago and viewed as a business differentiator.”
Yet in my experience talking to financial institutions in the US they are clueless about PSD2 and SCA. More importantly they don’t understand the importance of implementing a single authentication solution across all of its channels.
The transition to stronger authentication methods is no longer optional for financial institutions seeking to reduce fraud and improve customer trust. While regulations such as PSD2 and SCA accelerated adoption in some markets, many organizations still rely on fragmented security approaches that create unnecessary risk and friction. Implementing a consolidated biometric authentication framework across all customer touchpoints can improve security, simplify the user experience, and better position financial institutions for the future of digital banking. As fraud threats continue to evolve, modern authentication strategies must evolve with them.
Overview by Tim Sloane, VP, Payments Innovation at Mercator Advisory Group








