The PSD2 standard and digital identity verification

PSD2 (Second Payment Services Directive) will go into effect soon, on January 13, 2018. Most financial institutions have been preparing for some time to bring their processes into compliance with this standard, but consumers are mostly unaware not only of what it is, but of how it will affect them.

The first version of this standard, which dates to 2008, had the purpose of creating a single payment market in the European Union that would favor competitiveness and innovation. In 2013, the European Union proposed a revision to the standard, with the aim, among other things, of normalizing new payment methods, especially in digital contexts (online or using a mobile device), and this revision has now resulted in a second version of the standard.

One of the driving factors behind the revision was the growing concern about the security of shared data. And so, although the standard promotes the development of the electronic payment market in the European Union by opening banking entity payment services to third parties (so-called TPPs, or Third Party Service Providers), it also mandates the implementation of much more robust security measures than those already in existence.

We are referring to the mandatory introduction of a user authentication system based on two factors (Strong Customer Authentication or SCA), both during verification in the initial registration process, and in case a user loses his or her access data and requests recovery.

In other words, PSD2 requires financial institutions to allow third-party access to user data (following prior authorization), but with secure and robust user verification and authentication processes based on at least two factors. These must be classified with respect to the user as:

  • Knowledge: something that only the user knows, such as a date or a password.

  • Possession: something that only the user owns, such as a smartphone.

  • Inherence: something that pertains only to the user, such as a biometric pattern (facial, behavioral, voice, etc.).

Many identity verification systems already incorporate more than one authentication factor, but it is this last type that has been identified as the most efficient, both for companies and for users.

In addition, the authentication process must remain fast, streamlined, and safe, both to keep the user from abandoning the onboarding process and to prevent him or her from seeking alternatives to an institution that provides a bad experience.

In this regard, systems that incorporate biometrics, such as facial recognition, are turning out to be the most secure and, at the same time, the ones that provide a better, faster, more convenient user experience.

It is yet to be seen how financial institutions will implement the new standard, with its effective date growing ever nearer, but it is clear that the future of digital identity will depend increasingly on data sharing (blockchain) technologies and biometric-based identity verification and authentication systems.

Do you want to know what the experts think? Download our free e-book about the future of digital identity, in which nine experts share their vision about different aspects of biometric technologies, blockchain technologies, the new standard, and how to balance security and user experience.
