How PSD2 will influence the Corporate Banking Payments landscape for the better using Biometrics

Elias Thomaidis

Senior Manager-Digital Security at Hitachi Europe

Views 335

How PSD2 will influence the Corporate Banking Payments landscape for the better using Biometrics

10.07.2018 07:45 am

Transaction processing for corporate banking operations are on a completely different scale to the retail-banking world in terms of both value and volume.  The resultant revenues form one of the main profit drivers for banks and according to the 2017 Cap Gemini World Payments Report, it is estimated that there will be a staggering 108bn corporate non-cash transactions globally in 2018 with around 27bn of these in Europe.

The corporate payments sector is competitive with strong growth and although moving along with the digitalisation process, it is held back by a number of historical inefficiencies that make it challenging to ride on the crest of the digital wave. Current solutions out in the market result in high friction for the customer making the payment process slow.

On the corporate side the banks therefore tend to focus on the relationships with their business customers and are strongly motivated to provide innovative and secure services that both improve their customers operational process and efficiency as well as securing both end-customers and themselves against potential loss from fraudulent transactions and identity theft.

According to the 2017 AFP Payments Fraud Survey, there was a dramatic rise in the number of businesses hit by payments fraud in 2016 when compared to 2015.  Around 70% of the treasury and financial professionals surveyed said they were reluctant to embrace mobile payments for their enterprises due to lack of confidence in security.

The same report further highlights how little some companies are spending on cybersecurity as a percentage of the overall IT budget despite the growing risk from ransomware, phishing and other malware.  With predictions by IDG’s CSOOnline.com in their Jan 2018 Cybersecurity Business Report that cybercrime damage costs will hit $6 trillion by 2021, we see that there is still a long way to go in securing the world of online business.

Corporate payment providers need to consider multiple security elements within the transaction.   On the authorisation side, protection from identity theft is needed and with large multi-national companies having hundreds of staff making payments on a daily basis, a solution that lacks a modern security process is critically exposed.

Non-repudiation

Identity assurance for login and transaction signing based on practical, secure and easy-to-use biometric features can greatly simplify the process and more importantly improve the overall security and integrity of the transaction. Biometrics allows a transaction to be tied to the individual via non-repudiation. For example, in a common two-factor authentication process the person making the payment uses a Chip and PIN terminal or has a password along with a hard or soft token to secure the transaction. This leaves companies vulnerable to fraud as Chip and PIN cards, tokens and passwords can be shared, written down on pieces of paper lying around desks or simply provided to junior staff as management have other responsibilities than to process and authorise payment transactions. This provides the perfect environment for fraud to be committed because the process allows anyone with the correct PIN or password to perform a transaction.

When the company identifies the suspicious transaction and reports it to the bank an investigation is launched.  If it is found that credentials have been used due to a breakdown in process as described above, the bank has every right to ensure the company foots the loss. However, since corporate customers are so crucial to the bank’s P&L, we can see that on many occasions these losses are simply absorbed by the bank. The last thing the bank wants to see is a corporate customer moving their business along with all the long-term revenues and fees that they generate.

By introducing Biometrics as part of the authentication process, the transaction is then associated to the person making it in a non-repudiated manner.  Therefore, an individual committing fraud cannot state “I didn’t make the transaction, it is my manager Rob Smith’s authentication credentials not mine!”. 

PSD2 and Regulatory Technical Standards

Since the European Banking Authority (EBA) released a discussion paper on authentication and secure communication in December 2015, there has been much debate within the Eurozone community on the levels of security that should be incorporated in the legislation. The requirement to have at least two of “knowledge”, “possession” and “inherence” included in the authentication process, is a step in the right direction. With the final version of the Regulatory Technical Standards (RTS) having been released in March 2018 there is now an 18 month period where banks need to comply with these new requirements.

For low value transactions (i.e. via a Retail online banking app), the security standards are not as onerous as say large value Corporate payment transactions. PSD2 and in particular the RTS sets out how banks must ensure their transactions are secured. One of the key aims of this legislation is to establish a platform for effective and integrated payment services, making electronic payments more secure whilst providing a frictionless user experience.  By introducing authentication by inherence within the legislation the EBA is putting in place a framework where Biometrics can be used to secure transactions which ensures an end-to-end non-repudiated transaction process protecting both Financial Institutions and the customers (be it Corporate or Retail) alike.

With only 15 months left before the Regulatory Technical Standards directive is set to kick in, banks are advised to review all their payment transaction processes and look to ensure Biometrics play a key part in securing both their business and that of their customers.

Latest blogs

David Moss Avi Networks

Maintaining Trust While Navigating through a Multi-Cloud World

Financial services companies are extending data centres with private and public clouds to keep up with demand, but does a multi-cloud environment introduce too much complexity and risk? Read more »

Philippe Martineau OSTP Alliance

Travelers to consumers: Reflecting on this year’s Transport Ticketing Global

With the world’s largest public transport gathering, Transport Ticketing Global, over for another year and our feet firmly in 2019, it seems apt to reflect on the changing global vision set at this year’s event for the future of public transport. Or Read more »

Kyle Ferguson Fraedom

Why banks need to get personal for a piece of the SME pie

The SME market, for the majority of banks, is becoming a key target sector. In the UK, according to the Federation of Small Businesses (FSB), small businesses accounted for 99.3% of all private sector businesses at the start of 2017 and 99.9% were Read more »

David Worthington Rambus

Real-Time Payments and The Growing Obsolescence of Cash

According to the World Payments Report, compiled by Capgemini and BNP Paribas, the global volumes of non-cash transaction volumes grew by 10.1%, reaching 482.6 billion between 2015 and 2016. In addition, McKinsey’s recent Global Payments 2018 report Read more »

Gerald Beuchelt LogMeIn

How banks and financial institutions can step up enterprise security

Cyber-attacks are increasing at an alarming rate, and in 2018 we’ve witnessed breaches hit several trusted brands across various industries, including British Airways, Ticketmaster, and most recently, Facebook. Read more »

Magazine
ALL
Free Newsletter Sign-up
+44 (0) 208 819 32 53 +44 (0) 173 261 71 47
Download Our Mobile App