PSD2: Pushing businesses across the digital ID verification line

Today’s tech natives can hardly imagine the world without the comforts and benefits of many e-commerce companies and fintech firms

As a whole, digital businesses have improved our lives for the better. We save both time and money with enhanced access to thriving marketplaces driven by new and innovative business practices. Open banking, for example, has been the natural progression from digital transformation, creating never-before-seen benefits for consumers who have better access to services and control over their money than ever before.

However, as with all new and emerging sectors, open banking innovations have revealed previously unknown risks to both the consumer and businesses. As convenience often breeds complacency, very little has been done until now to stem these potential threats. Consumer awareness of fraud threats posed by phishing attacks has grown in recent years. However, with open banking these attacks have the potential to do more harm than ever by not only defrauding a user’s bank account, but also all linked financial services products. As phishing attacks become more sophisticated as will the threat of fraud will continue to grow correspondingly.

To tackle this threat, banking and e-commerce organisations have to modernise further, but this time under the watchful eye of European and UK regulators. Coming into force on 14 September, the Second Payment Services Directive (PSD2) is set to protect consumers from identity theft and asset takeovers. It is also taking regulatory compliance and technology challenges to a new level, turning into a strategic and operational challenge for many businesses. Practically, it means that new customers’ identities will have to be verified. But there’s another pain point that not even the banks saw coming.

In the past, it’s not been uncommon to have a joint account or credit card, with only one of the shared holders’ identity verified and known to a bank. This will have to stop under PSD2, and existing banking customers will also have to be re-authenticated. This will place a huge strain on even the most digitally forward-thinking institutions, who may have to re-authenticate the identities of millions of customers, as well as introduce much more stringent identity verification at the onboarding stage. Overall, banks and FS companies must work hard to see the long-term gain, not simply trying to overcome the short-term pain.

Moreover, the incoming regulation means that banks and fintech businesses will have to authenticate every customer by at least two of the following criteria whenever they want to make an online transaction: something they have, something they are, and something only they know. This could include an ID document, a biometric identifier, and a security question, going beyond simply a card and a pin – as is the current standard. This introduces an additional layer of security to defend against the threat of fraud as open banking grows and e-commerce volumes expand.

Another important regulatory development, pushing digital-first businesses to innovate, is the Online Harms White Paper consultation, launched by UK government earlier this month. It sets the scene for a set of legislative and non-legislative measures aimed at making companies more responsible for their users’ safety online, especially children and other vulnerable groups. It introduces an interesting notion of the duty of care that modern businesses – including financial institutions, shared economy marketplaces and e-commerce companies – have towards their customers and users.

What we’ve also started seeing is a sea of change in consumer attitudes and expectations. This could be in response to both the rising threat of online fraud and the news of impending regulatory changes. It’s becoming increasingly clear that consumers now prefer and place more trust in businesses with robust identity verification in place – even if it takes some of their time to jump through authentication ‘hoops’. A little friction in a customer journey in the

name of online safety is now seen as a good thing. It is also seen as a positive within a partnership or part of a supply chain – as businesses can’t afford the risk of non-compliance under GDPR and other privacy regulations linked to fraudulent identities. That is all well as a concept. But are robust ID checks sustainable for businesses in the long run?

To ‘fight fire with fire’, businesses should use technology as the answer to cyber-security and fraud concerns that surface amid widespread technological innovation. For example, online marketplaces are only a fraud risk because technology has enabled their existence, but technology is also the cure. AI-led digital identity verification that authenticates the identity of every customer or user on online marketplaces can significantly reduce the risk of fraud and money laundering online – fighting fire with fire might just work.

What’s more, the simplicity of taking a selfie can reduce compliance costs, improve ROI, and maximise the volume and value of online transactions for businesses. It’s set to benefit large traditional and digital-first challenger businesses alike. It is a good case of compliance enabling further innovation and modernisation in the newest sectors of our economy.

Off the back of PSD2, regulation technology will help all financial institutions, not just digital firms, to better understand their customers. This will reduce the risk of losses created by fraud within their customer base as firms can detect and monitor potentially fraudulent activity in real time. This can only be of benefit as it will improve firm reputations and makes sense from a pure business point of view.

Nevertheless, many companies have been slow to prepare for PSD2 and have yet to implement regulation tech that will ensure their business complies. There are immense benefits beyond mere compliance… The saying ‘data is the new oil’ has never rung truer in the face of rapidly increasing ID and financial fraud. So, is your business ready to cross the digital identity verification line in the race to win consumer confidence and protect profits?

About the Author

Rene Hendrikse is MD, EMEA at Mitek. Mitek is a global leader in mobile capture and digital identity verification solutions built on the latest advancements in AI and machine learning. Mitek’s identity verification solutions enable an enterprise to verify a user’s identity during a digital transaction, which assists financial institutions, payments companies and other businesses operating in highly regulated markets in mitigating financial risk and meeting regulatory requirements while increasing revenue from digital channels.