The above title is a modified quote attributed to Jason Tooley, chief revenue officer at Veridium. As a supplier, Veridium has a vested interest in Two-Factor Authentication (2FA) technology, but his quote is still accurate.
This article from Information Age is also spot on, indicating that the focus should be on smartphone biometrics. Mercator Advisory Group pointed this out twice in January 2017 (reports are available here and here) then again in May 2017 (available here), and yet most banks haven’t implemented biometrics across all of their channels. Even worse, many have only recently implemented One-Time Passwords which were identified as a failed security method back in 2016 and deprecated by the National Institute of Standards and Technology (NIST).
It is time to wake up and protect your customers using a consolidated 2FA biometric implementation. Here’s more from the Information Age article:
“Companies processing contactless payments will need to meet the conditions by the 14th March 2020. This would include ensuring that all appropriate systems and controls are in place.
Additionally, this date marks a six-month delay for the deadline in order to usher in an adjustment period for third-party providers (TPP) to begin only accessing Account Servicing Payment Service Providers (ASPSPs) via application providing interfaces (APIs).
However, until security of consumer data is tightened up as much as possible with the aid of the SCA initiative, it could still hang in the balance.
Jason Tooley, chief revenue officer at Veridium, shed some light on the importance of Strong Customer Authentication when it comes to the security of consumer data.
“A failure to implement Strong Customer Authentication demonstrates a disregard for consumer protection,” he said. “The ever-rising fraud levels are linked to the consumer preference of mobile e-commerce, and regulation must keep pace.
“Now that businesses have had an extended period of six months, in addition to the two years since the initial announcement, there is no excuse to not be compliant.“Strong Customer Authentication should have been prioritised long ago and viewed as a business differentiator.”
Yet in my experience talking to financial institutions in the US they are clueless about PSD2 and SCA. More importantly they don’t understand the importance of implementing a single authentication solution across all of its channels.
Overview by Tim Sloane, VP, Payments Innovation at Mercator Advisory Group