Online banking is beyond doubt, still an evolving stream of business operations, which has had its share of challenges, and has emerged from time to time. Studies show that at least 49 percent of businesses were the victims of cyber criminals, who stash away money through unauthorized access.
While financial sector worldwide is facing the wrath of technology and growth of ecommerce, newer rules and regulations are being carved out to check this menace. On the other hand, directives are being rolled out to protect the best interests of the consumer, by transforming the way in which financial data is exchanged.
Presently, Europe has been on the forefront of cyber reforms, with prime focus on banking and privacy. The European Union (EU) has recently rolled out the Payment Services Directive (PSD2) which is all set to result in a complete metamorphosis of how online payments are made and the financial data is processed, so as to ensure better protection and enhanced security to the customer. This legislation ensures that certain intermediaries no longer profiteer through hidden charges and concealed exchange rates.
As a Small World customer, you’d be pleased to know that we had all these mechanisms in place, prior to these being made mandatory. Our Business Ethics have guided us to provide our customers with the most comprehensive security measures, and the best exchange rates. Hence, Small World remains fully complied with the recent requirements put forth by EU. Let us now dive into some of the core concepts related to this reform.
What is PSD 2 and SCA?
Back in November 2016, the PSD 2 was rolled out with a mandate that The EU countries must incorporate necessary changes as per the directive within a span of two years. However, by 14th September, 2019 PSD2 will be through with all its phases and turn effective. The PSD generally encompass two main aspects, which includes market rules and business conduct regulations, which govern and control the financial sector.
Under business conduct regulations, the most nucleus of it is Strong Customer Authentication (SCA), which banks are required to follow. This ensures that the transactions made by the EU customers are far more secure and it must be implemented from 14th September, 2019 in ecommerce transactions. Thereafter, all the payments would be made in accordance with the Regulatory Technical Standards (RTS). The RTS is the blueprint that defines the framework which needs to be followed to comply with the SCA requirements.
Why bring in PSD 2?
With most of the products and services being sold online, intermediaries and ecommerce giants continue to make substantial profits. However, what is against the best interests of the consumer is the restriction on sharing financial information during online transactions. So the PSD 2 protects the consumer against the two most common methods used to profiteer. Generally speaking, these include unfair exchange rates and hidden costs. Quite often, the consumer who is at the receiving end is deprived of fair exchange value, which is regulated worldwide through Foreign Exchange Rates and is burdened with high transaction fee. There are several ways to look at this pro-consumer regulation, but to do that you need more clarity on certain concepts which are discussed below.
Transforms online payments
Now the consumer cannot be asked to pay a separate “fee” for using a certain payment gateway such as Paypal or Visa. Plus, with SCA in place, the financial data can directly be made available to third parties through an Application Program Interface (API).
The prime focus of PSD2, is to get the banks to set up an API, which upon the authentication by the consumer, enables access to third parties, but only to certain data. Now this data has to be very specific to the transaction and that’s the catch. Several organizations have found this to be complex and have requested more time. After all, there are certain security norms that the API needs to satisfy and the right technology needs to be implemented to do that.
Increased security with Strong Customer Authentication (SCA)
The SCA requires the use of Multi-Factor authentication, which revolves around providing just the necessary data to necessary parties, and requires a multi-factor authentication before every transaction, whether inter-related or not. Also, there is no flexibility considering that the transaction is between the same parties. So, if you, as the consumer purchased something online from an e-commerce website, then your bank would be required to only provide data relevant to that transaction — Payment or Receipt.
A peep into how SCA works
The simplest way to put it is that when the customer makes payment through a financial services provider, then he must use multiple layers of authentication. One layer would include a One Time Password (OTP) sent to the registered mobile or email id, or some other information like PIN, Secret question or the phrase to which the Account Holder has exclusive access. Next step in the authentication process is the use of an object, like a microchip card, pen drive, badge or token. The financial services provider is also required to make use of iris, fingerprint, voice or similar unique personal identification to grant access. Small World has been using the SCA technique since long in order to ensure better security for its customers.
How the Financial Services Providers have been reacting to PSD2?
Although PSD2 is a good initiative to expand and facilitate global trade and protect the best interests of the consumer, there are certain shortcomings, which have surfaced. The banks seem to be having a tough time figuring out the protocols to design the APIs. The financial services sector seems to be engulfed in confusion, due to lack of a precise set of standards for the APIs to be designed. Also, quite a few of them have sought extensions as the SCA implementation costs are high. While the financial markets are in turmoil, and service providers are struggling to keep up with the PSD 2 requirements, Small World takes immense pride in informing our customers that we have already implemented all these measures. It was long back that we realized how tech savvy consumers are becoming and identified the need to protect their best interests with an additional layer of security that SCA accords.