European banks wrestle with using biometrics to meet multi-factor requirements of PSD2
As the date for implementing the final stage of Europe’s Payment Services Directive 2 (PSD2) approaches, banks in the EU are wrestling with how to comply with the requirements for multi-factor authentication, which will make biometrics-only systems like Apple’s FaceID insufficient for even logging into a bank account, Forbes reports.
PSD2 becomes effective on September 14, 2019, and as the deadline approaches, banks are considering using passwords, memorable phrases, security questions and card readers to satisfy the need for a second factor, according to the report.
“I can’t see how it won’t introduce more friction in the banking process,” Clydesdale and Yorkshire Bank Director of Payments and Open Banking Mark Curran told Forbes.
Challenger banks have become more popular in Europe in part by reducing the customer friction associated with the banking experience. Innovations in banking apps themselves could reduce the impact of PSD2, for instance by separating balance checking from their more sensitive capabilities, like making payments and viewing account history.
Within the banking industry, however, there is concern that satisfying multi-factor requirements will lead to a return of inconvenient login processes similar to legacy methods, says fintech consultancy 11:FS Co-founder Simon Taylor.
“Banks are wrestling with lots of internal systems and often don’t have the ability to easily implement a great experience,” Taylor told Forbes.
The most challenging aspect for the financial industry may be communicating with customers about what the changes are, and why they are necessary.
Mastercard has suggested that multi-factor requirements of PSD2 will drive biometric adoption for online payments, and the European Banking Authority has approved of behavioral biometrics as an authentication factor, as pitched by providers BehavioSec and BioCatch.