Connect with us

TECHNOLOGY

FinTech At Risk: Why Multi-Factor Authentication Isn’t Always the Answer

FinTech At Risk: Why Multi-Factor Authentication Isn’t Always the Answer

by Brian Costello, VP, Data Strategy from Envestnet, Yodlee

On Open Banking’s first birthday earlier this year, many marvelled at how much had been accomplished within banking and FinTech. Yet others paused to question: how far have we really come? What challenges are we now facing? Is the consumer better or worse off?

While Open Banking regulations were introduced to improve customers’ access to banking services, what’s become clear is that glaring issues remain in relation to the Second Payment Services Directive (PSD2) – particularly the implementation of regulations around Strong Consumer Authentication (SCA). These issues threaten to disrupt the consumer experience, endanger customer data and encourage risky consumer behaviour.

So what can we – banks, technology providers, and FinTech firms – do to preserve Open Banking as we know it?

We first need to start with identifying the problems facing the system today. I think these can be broken down into three groups:the unilateral implementation of authentication requirements; consumer fatigue around verification; and the overarching risk to consumer data.

Unilateral implementation of authentication requirements: The first problem facing SCA is the unilateral application of authentication requirements. In an effort to remain compliant with PSD2 regulations, many banks will unilaterally roll out SCA across all types of accounts, whether or not they’re PSD2 regulated or not. Today, banks only need apply standards to payment accounts, and while it may seem transparent and secure to apply SCA across accounts, if applied to all read-only access to savings, ISAs, and loans, customers will soon experience a significant increase in friction across their banking journeys vs today.

Consumer fatigue around verification: Applying over-zealous security requirements risks disconnecting consumers from the very system Open Banking has established, without providing any added protection. Open Banking was meant to provide a user-friendly service, but this will be far from reality if SCA is implemented across non-payment accounts as well as PSD2 regulated accounts.

Overarching risk to consumer data: The danger of SCA’s implementation goes beyond UX concerns. If we, as an industry, continue sleep walking toward unilateral roll out across account types, SCA could dismantle Open Banking as we know it. By making the consumer journey so tedious, SCA could lead consumers to take counterproductive actions that put their data at risk- like creating one password across accounts to ease the login process. If this were to happen, it would be possible that the entirety of the 69% of the UK population who use online banking services[1] could be affected. We saw this recently, when a data breach from password flaws left 2.7 billion customer records[2] at risk.

A first step in solving this problem will be to make consumers aware of it. Banks could also look to implement various levels of authentication for different functions across the customer journey for non-payment accounts. For example, viewing your balance should require less security checkpoints than transferring £30 or even £100. As banks begin to roll out SCA, considerations need to be taken to balance the consumer experience with security and safety concerns.

Open Banking promised to ensure that consumers would be able to safely and securely share data to make their financial lives more integrated and manageable. Everyone working in banking and FinTech has a responsibility to carry out this vision, despite challenges along the way. Some are already doing this, but despite the efforts of individual companies to raise these issues, progress has been slow. By working with the Financial Conduct Authority (FCA), the industry has a real opportunity to defend the interests of consumers and clarify the boundaries and limitations for additional security requirements.

The main concern around SCA is consumer protection and ensuring that everyone has tools available to them to live their best financial lives possible. This issue is a highly important one that, if left unaddressed, will leave consumers with less innovative financial tools, less competition within the banking ecosystem, and ultimately, poorer financial health.

 

[1]https://www.ons.gov.uk/peoplepopulationandcommunity/householdcharacteristics/homeinternetandsocialmediausage/bulletins/internetaccesshouseholdsandindividuals/2018

[2]https://www.computerweekly.com/news/252456041/Breach-of-nearly-27-billion-records-underlines-password-flaws

 

Continue Reading
Editorial & Advertiser disclosureOur website provides you with information, news, press releases, Opinion and advertorials on various financial products and services. This is not to be considered as financial advice and should be considered only for information purposes. We cannot guarantee the accuracy or applicability of any information provided with respect to your individual or personal circumstances. Please seek Professional advice from a qualified professional before making any financial decisions. We link to various third party websites, affiliate sales networks, and may link to our advertising partners websites. Though we are tied up with various advertising and affiliate networks, this does not affect our analysis or opinion. When you view or click on certain links available on our articles, our partners may compensate us for displaying the content to you, or make a purchase or fill a form. This will not incur any additional charges to you. To make things simpler for you to identity or distinguish sponsored articles or links, you may consider all articles or links hosted on our site as a partner endorsed link.

Recent Posts