Entersekt, a global specialist in digital security solutions, is urging banks and other financial institutions not to underestimate the time it will take to meet strong customer authentication (SCA) compliance mandates set by the second Payment Services Directive (PSD2) in Europe. The company has made its SCA checklist and whitepaper “Turning a compliance challenge into business success” available to help financial institutions (FIs) as they prepare to meet the full SCA requirements.
Though the legislation has been in effect since September 2019, the European Banking Authority (EBA) has given an extension to FIs to meet the SCA obligations, including offering multi-factor authentication and dynamic linking, until 31st December 2020. There have been requests to extend this even further due to the COVID-19 pandemic, but as yet, the date still stands.
“It’s clear that the European authorities are keen for banks and other financial institutions to meet these guidelines for more secure electronic payments at the earliest opportunity,” said Frans Labuschagne, Country Manager UK & I at Entersekt. “However, different types of financial institutions may experience varying challenges. For example, traditional banks may find themselves less agile when overhauling legacy systems, while newer financial services with perhaps more agility may struggle with simply knowing where to even begin.”
Entersekt is offering two resources to assist FIs navigate the murky waters of PSD2 – a checklist that describes in simple, yet thorough, terms the SCA requirements of the directive. This PSD2 Strong Customer Authentication Checklist includes detailing technical standards like multi-factor authentication and the need for an item in the customer’s possession, as well secure digital linking between the payment service provider and the security credentials, along with dynamic linking to make the payer aware of the transaction amount at the time of transaction.
The second resource is a whitepaper entitled “Turning a compliance challenge into business success” that explains how with the right partners, financial institutions can transform a set of mandatory security standards into a competitive advantage. It explains how a mobile-first approach to SCA could be the answer to FIs’ requirements for enhanced security with a frictionless user experience.
“Flexibility is an essential feature of any PSD2-compliant authentication solution. Banks and other service providers should invest in technology that will adjust to future revisions of the Regulatory Technical Standards,” said Labuschagne. “This will allow for new security controls applied to a wider set of use cases and it will be a win-win for security and usability.”