FinTech At Risk: Why Multi-Factor Authentication Isn’t Always the Answer
by Brian Costello, VP, Data Strategy from Envestnet, Yodlee
On Open Banking’s first birthday earlier this year, many marvelled at how much had been accomplished within banking and FinTech. Yet others paused to question: how far have we really come? What challenges are we now facing? Is the consumer better or worse off?
While Open Banking regulations were introduced to improve customers’ access to banking services, what’s become clear is that glaring issues remain in relation to the Second Payment Services Directive (PSD2) – particularly the implementation of regulations around Strong Consumer Authentication (SCA). These issues threaten to disrupt the consumer experience, endanger customer data and encourage risky consumer behaviour.
So what can we – banks, technology providers, and FinTech firms – do to preserve Open Banking as we know it?
We first need to start with identifying the problems facing the system today. I think these can be broken down into three groups: the unilateral implementation of authentication requirements; consumer fatigue around verification; and the overarching risk to consumer data.
Unilateral implementation of authentication requirements: The first problem facing SCA is the unilateral application of authentication requirements. In an effort to remain compliant with PSD2 regulations, many banks will unilaterally roll out SCA across all types of accounts, whether or not they’re PSD2 regulated. Today, banks only need to apply the standards to payment accounts. While it may seem transparent and secure to apply SCA across accounts, if it is applied to all read-only access to savings, ISAs, and loans, customers will soon experience a significant increase in friction across their banking journeys compared with today.
Consumer fatigue around verification: Applying over-zealous security requirements risks disconnecting consumers from the very system Open Banking has established, without providing any added protection. Open Banking was meant to provide a user-friendly service, but this will be far from reality if SCA is implemented across non-payment accounts as well as PSD2 regulated accounts.
Overarching risk to consumer data: The danger of SCA’s implementation goes beyond UX concerns. If we, as an industry, continue sleepwalking toward unilateral rollout across account types, SCA could dismantle Open Banking as we know it. By making the consumer journey so tedious, SCA could lead consumers to take counterproductive actions that put their data at risk, like creating one password across accounts to ease the login process. If this were to happen, it would be possible that the entirety of the 69% of the UK population who use online banking services[1] could be affected. We saw this recently, when a data breach from password flaws left 2.7 billion customer records[2] at risk.
A first step in solving this problem will be to make consumers aware of it. Banks could also look to implement various levels of authentication for different functions across the customer journey for non-payment accounts. For example, viewing your balance should require fewer security checkpoints than transferring £30 or even £100. As banks begin to roll out SCA, consideration needs to be given to balancing the consumer experience with security and safety concerns.
Open Banking promised to ensure that consumers would be able to safely and securely share data to make their financial lives more integrated and manageable. Everyone working in banking and FinTech has a responsibility to carry out this vision, despite challenges along the way. Some are already doing this, but despite the efforts of individual companies to raise these issues, progress has been slow. By working with the Financial Conduct Authority (FCA), the industry has a real opportunity to defend the interests of consumers and clarify the boundaries and limitations for additional security requirements.
The main concern around SCA is consumer protection and ensuring that everyone has tools available to them to live their best financial lives possible. This issue is a highly important one that, if left unaddressed, will leave consumers with less innovative financial tools, less competition within the banking ecosystem, and ultimately, poorer financial health.
[1] https://www.ons.gov.uk/peoplepopulationandcommunity/householdcharacteristics/homeinternetandsocialmediausage/bulletins/internetaccesshouseholdsandindividuals/2018
[2] https://www.computerweekly.com/news/252456041/Breach-of-nearly-27-billion-records-underlines-password-flaws