How PSD2 will influence the Corporate Banking Payments landscape for the better using Biometrics

Elias Thomaidis

Senior Manager-Digital Security at Hitachi Europe


10.07.2018 07:45 am

Transaction processing for corporate banking operations is on a completely different scale to the retail-banking world in terms of both value and volume. The resultant revenues form one of the main profit drivers for banks, and according to the 2017 Cap Gemini World Payments Report, it is estimated that there will be a staggering 108bn corporate non-cash transactions globally in 2018, with around 27bn of these in Europe.

The corporate payments sector is competitive with strong growth, and although it is moving along with the digitalisation process, it is held back by a number of historical inefficiencies that make it challenging to ride the crest of the digital wave. Current solutions on the market result in high friction for the customer, making the payment process slow.

On the corporate side, the banks therefore tend to focus on the relationships with their business customers and are strongly motivated to provide innovative and secure services that improve their customers' operational process and efficiency while securing both end-customers and themselves against potential loss from fraudulent transactions and identity theft.

According to the 2017 AFP Payments Fraud Survey, there was a dramatic rise in the number of businesses hit by payments fraud in 2016 when compared to 2015.  Around 70% of the treasury and financial professionals surveyed said they were reluctant to embrace mobile payments for their enterprises due to lack of confidence in security.

The same report further highlights how little some companies are spending on cybersecurity as a percentage of the overall IT budget despite the growing risk from ransomware, phishing and other malware.  With predictions by IDG’s CSOOnline.com in their Jan 2018 Cybersecurity Business Report that cybercrime damage costs will hit $6 trillion by 2021, we see that there is still a long way to go in securing the world of online business.

Corporate payment providers need to consider multiple security elements within the transaction. On the authorisation side, protection from identity theft is needed, and with large multi-national companies having hundreds of staff making payments on a daily basis, a solution that lacks a modern security process is critically exposed.

Non-repudiation

Identity assurance for login and transaction signing based on practical, secure and easy-to-use biometric features can greatly simplify the process and, more importantly, improve the overall security and integrity of the transaction. Biometrics allows a transaction to be tied to the individual via non-repudiation. For example, in a common two-factor authentication process, the person making the payment uses a Chip and PIN terminal or has a password along with a hard or soft token to secure the transaction. This leaves companies vulnerable to fraud, as Chip and PIN cards, tokens and passwords can be shared, written down on pieces of paper lying around desks, or simply provided to junior staff because management have responsibilities other than processing and authorising payment transactions. This provides the perfect environment for fraud to be committed, because the process allows anyone with the correct PIN or password to perform a transaction.

When the company identifies the suspicious transaction and reports it to the bank, an investigation is launched. If it is found that credentials have been used due to a breakdown in process as described above, the bank has every right to ensure the company foots the loss. However, since corporate customers are so crucial to the bank's P&L, on many occasions these losses are simply absorbed by the bank. The last thing the bank wants to see is a corporate customer moving their business elsewhere, along with all the long-term revenues and fees that they generate.

By introducing Biometrics as part of the authentication process, the transaction is then associated with the person making it in a non-repudiated manner. Therefore, an individual committing fraud cannot state “I didn’t make the transaction, it is my manager Rob Smith’s authentication credentials, not mine!”.

PSD2 and Regulatory Technical Standards

Since the European Banking Authority (EBA) released a discussion paper on authentication and secure communication in December 2015, there has been much debate within the Eurozone community on the levels of security that should be incorporated in the legislation. The requirement to have at least two of “knowledge”, “possession” and “inherence” included in the authentication process is a step in the right direction. With the final version of the Regulatory Technical Standards (RTS) having been released in March 2018, there is now an 18-month period where banks need to comply with these new requirements.

For low-value transactions (i.e. via a Retail online banking app), the security standards are not as onerous as for, say, large-value Corporate payment transactions. PSD2, and in particular the RTS, sets out how banks must ensure their transactions are secured. One of the key aims of this legislation is to establish a platform for effective and integrated payment services, making electronic payments more secure whilst providing a frictionless user experience. By introducing authentication by inherence within the legislation, the EBA is putting in place a framework where Biometrics can be used to secure transactions, which ensures an end-to-end non-repudiated transaction process protecting both Financial Institutions and the customers (be it Corporate or Retail) alike.

With only 15 months left before the Regulatory Technical Standards directive is set to kick in, banks are advised to review all their payment transaction processes and look to ensure Biometrics play a key part in securing both their business and that of their customers.
