How will PSD2 influence the identity sector? How do you see identity processes change within the next 5 years?
CHRISTOPHER SCOTT, Programme Director/Compliance Lead & DPO, The Bunker
2018 is a big year for The Payment Services Directive 2, most authorised payment & e-money institutes in the UK have until the 12/07/18 for FCA approval. One
of the changes is banks having to add stronger layers of security to customers. Classed as Strong Customer Identity Veri cation (SCeID), and two-factor Strong Customer Authentication (SCA) it is required for all remote access to customer accounts. Failure to comply could mean proportionate, effective and dissuasive fines being imposed as outlined within the new General Data Protection Regulation
Multifactor factor authentication has been the standard to achieve in terms of protecting a person’s digital identity. In cybersecurity we talk about something you have, something you are and something you own. A few years ago we started seeing two factor authentication devices being rolled out from our banks. These were calculator type devices that allowed you to authenticate to use your online bank. Within a very small timeframe, these devices (although still available) became favoured for mobile phone authentication, where you can scan your fingerprint to log onto your bank account, transfer money etc. PSD2 in influences identify by ensuring these authentication methods adhere to the highest level of security. This means fintech businesses need to ensure their applications, APIs etc comply with a stringent set security practices.
There are a number of technologies within the fintech space that are making great strides in improving the identity processes facial recognition being one of those. A number of fintech businesses are developing applications which make it possible for you to log onto our bank accounts, sign documents and authenticate using facial recognition. These types of system are becoming so advanced that they are perceived to be more secure than traditional passwords or typical
2FA solutions. It is predicted that biometric type authentication will eventually completely replace security mechanisms of the past. With PSD2 setting the standard for security, this will naturally gain trust within the industry, which in turn will allow for innovation.
JO VERCAMMEN, co-founder, Juru CVBA / Identity Platform
Identity will become a major player in this space. Because the bank needs to identify the client that the service provider is acting on behalf. Also has the bank the responsibility to validate if the client is given consent to the service provider to act in his name and to what extent.
The problem is that our identity is locked up in diferen silo’s and it is hard to exchange or map this information between these silo’s. How can you guarantee that “Jo Vercammen” is truly “Jo Vercammen” and how you will guarantee this identity matching without exposing the identity and keeping respect to the individual’s privacy.
One option is that customer will be burned living in large set onboarding procedures to registrate at the TTP and authorize the TTP at the bank. But this will affect the customer experience and is not desirable. Another option would be that the banks and fintech players have infrastructure that shares this information. This problem is still to be addressed and we see a lot of startups investing in becoming identity providers or identity infrastructure providers.
In the next coming years, will see more and more institution rely on common infrastructures to share their identity data. This would allow a reduction on KYC-processes and reduce on-boarding burden for the customers. I hope that over 5 years, will have an infrastructure that allows my refrigerator to act on my behalf and has a shopping allowance to replenish my food supply.