PaymentsJournal
No Result
View All Result
SIGN UP
  • Commercial
  • Credit
  • Debit
  • Digital Assets & Crypto
  • Digital Banking
  • Emerging Payments
  • Fraud & Security
  • Merchant
  • Prepaid
PaymentsJournal
  • Commercial
  • Credit
  • Debit
  • Digital Assets & Crypto
  • Digital Banking
  • Emerging Payments
  • Fraud & Security
  • Merchant
  • Prepaid
No Result
View All Result
PaymentsJournal
No Result
View All Result

Get Cracking: In Just Nine Months Passwords Become Insufficient For Europeans

By Tim Sloane
January 4, 2019
in Analysts Coverage, Compliance and Regulation, Digital Assets & Crypto, Fraud & Security, Security
0
8
SHARES
0
VIEWS
Share on FacebookShare on TwitterShare on LinkedIn
smart security

smart security

Five individuals that are well placed to know, identify that cyber threats will dominate execution and planning in 2019 in this article. This isn’t rocket science. PSD2 demands new privacy and protections, including compliance with Strong Customer Authentication, be put in place by September 13th 2019. As a result, with only minor exceptions, all companies that do business with Europeans have just nine months to implement a compliant login method. This also means that every business that accepts card payments (with minor exceptions) will need to implement 3D Secure 2.0 in that timeframe. Here is what two of the five had to say:

“Mark Gazit, CEO, ThetaRay

The complexity of attacks will continue to grow as criminals increasingly use artificial intelligence (AI) to conduct their schemes.

Banks will receive more fines for money laundering, because they will have a decreased ability to protect themselves. Rogue regimes will also use AI to achieve their cybercrime goals, including election fraud, social media manipulation, money laundering and more.

Perhaps worst of all, AI-enabled money laundering will create a greater flow of money to criminal organisations to finance narcotrafficking, human trafficking and terror attacks.

On the bright side, new advances and AI technology will help financial organisations, critical infrastructure and enterprises to better protect themselves if they choose to deploy such systems.

Russell Robinson, MD – Customer Communications Services, EMEA, FICO

2019 will be a challenging year for payments and compliance. With less than 12 months to go until EU banks implement their Strong Customer Authentication (SCA) solutions, project teams are facing tough decisions about the most important aspect of the business – customers making payments. I meet many banks that are in the process of compiling their requirements and vendor selection, and know some of these final designs are either non-compliant or will create an unacceptable customer experience.

One-time passcodes

Some banks believe they can achieve SCA compliance by relying too heavily on sending one-time passcodes. While this will suit many consumers, based on consumer research across the EU (October 2018), 60% of consumers do not want a one-time passcode by SMS. In addition, 30% of consumers said in a recent survey that they would complain if they are unable to select their preferred channel to enable SCA — for example, not with an SMS.

The industry is making moves to prepare customers for SCA with requests for current contact details. However, we are seeing signs that prescriptive demands to enable future user access are not being well received. That is evident by the John Lewis article in the Guardian and comments from readers. It is well worth reading some of these comments, if you are in any way involved with SCA.

My prediction is that many banks are going to implement point solutions to achieve compliance, and the programme managers that executed this will move on. Due to these point solutions not meeting consumer acceptance, lack of up-to-date contact details, meeting regulations and many other issues, there will be a significant number of complaints, unacceptable fraud false-positive rates, and consumer payments not completed to a level we have not seen before.

If this happens, the people who inherit the SCA programmes of 2019 are going to have their work cut out unpicking this stuff and looking to replace them with a platform approach to SCA. They will need to enable SCA extensibility and rapid integration to new authentication use cases and channels as consumer demands require or novel fraud attacks appear in the new environment.

On a related point, many banks understand phone device profiling, and SIM-swap or call-forwarding solutions are essential. However, many are expecting that SIM-swap services offered by MNOs will have evolved before SCA implementation. I believe this will be true for some MNOs, but suspect alignment will not be in place across all UK MNOs in 2019. Therefore, banks need to plan better around how they secure the SMS channel, and deal with the higher false-positive ratio using traditional methods.”

Overview by Tim Sloane, VP, Payments Innovation at Mercator Advisory Group

8
SHARES
0
VIEWS
Share on FacebookShare on TwitterShare on LinkedIn
Tags: 3D SecureEuropePSD2Security

    Get the Latest News and Insights Delivered Daily

    Subscribe to the PaymentsJournal Newsletter for exclusive insight and data from Javelin Strategy & Research analysts and industry professionals.

    Must Reads

    Making Real-Time Payments a Reality

    Fulfilling the Promise: Making Real-Time Payments a Reality

    July 10, 2025
    mortgage

    The Rich Benefits of In-House Payment Systems

    July 9, 2025
    digital cards

    Beyond Plastic: Why Digital Cards Are the Future

    July 8, 2025
    What Premium Card Overhauls by Chase and Amex Reveal About the Credit Card Market

    What Premium Card Overhauls by Chase and Amex Reveal About the Credit Card Market

    July 7, 2025
    Rewire Acquires Imagen, Looking at Prepaid Cards for Migrant Workers

    Smells Like Team Spirit: What Makes Cobranded Credit Cards Work

    July 3, 2025
    uk banking outages

    New Continuous Strategies for Battling Account Takeovers

    July 2, 2025
    Fraud Monitoring

    What to Expect When Nacha’s Fraud Monitoring Rules Take Effect

    July 1, 2025
    payments

    Don’t Just React to What’s Next in Payments—Anticipate It

    June 30, 2025

    Linkedin-in X-twitter
    • Commercial
    • Credit
    • Debit
    • Digital Assets & Crypto
    • Digital Banking
    • Commercial
    • Credit
    • Debit
    • Digital Assets & Crypto
    • Digital Banking
    • Emerging Payments
    • Fraud & Security
    • Merchant
    • Prepaid
    • Emerging Payments
    • Fraud & Security
    • Merchant
    • Prepaid
    • About Us
    • Advertise With Us
    • Sign Up for Our Newsletter
    • About Us
    • Advertise With Us
    • Sign Up for Our Newsletter

    ©2024 PaymentsJournal.com |  Terms of Use | Privacy Policy

    • Commercial Payments
    • Credit
    • Debit
    • Digital Assets & Crypto
    • Emerging Payments
    • Fraud & Security
    • Merchant
    • Prepaid
    No Result
    View All Result