BioCatch pitches behavioral biometrics as second factor for PSD2 to stop fraud through third parties
The third-party payment providers (TPPs) that financial institutions must allow to connect to their systems through open APIs under PSD2 represent a vulnerability that will be targeted by fraudulent actors, according to a BioCatch blog post.
PSD2 is intended to make online payments easier, more flexible, and more secure, but many of the security and fraud controls in place at European banks are not set up to monitor sessions originating with TPPs, and will not be able to stop attacks from that vector, BioCatch says. TPPs are subject to fraud detection standards, but any fraudulent accounts they allow to be opened must be identified after the fact by financial institutions to prevent attacks from being successful.
The Strong Customer Authentication (SCA) section of PSD2 requires two-factor authentication, and behavioral biometrics can be used to satisfy this requirement without introducing friction to the user experience, according to the blog. Continuous monitoring of users before and after login allows financial institutions to identify fraud and stop account takeover attacks during the initial authentication or re-authorization process. It also allows them to monitor the success rate of TPPs acting as secure partners.
BioCatch recently deployed Redis Enterprise VPC to handle its rapidly scaling customer base, for which it processes 5 billion transactions per month for 70 million customers.