With each application and website that hosts financial data such as bank details, there are several access points for hackers to enter and steal confidential financial information. Identity theft is the singular most common criminal occurrence and research has shown that individuals will be hacked at least once in their lives.
Banks are increasingly fielding complaints and lawsuits that hold them partially responsible for identity theft. The increasing sophistication of fraud has led to the need for more advanced security in Fintech applications and websites.
Traditionally, a numeric pin code is used however this has evolved to a unique passcode for the majority of applications. However, users are still vulnerable to hacking or coercive methods which therefore calls for more robust security measures. Multi-factor authentication provides several layers of security, meaning that it’s much more difficult to access financial information.
The UK is leading the way with multi-factor authentication and is rolling out new legislation as from September 2019. All applications and websites that require 2-factor authentication in order to continue operating. This is set to reduce ongoing Fintech breaches by around 80%.
Multi authentication factors are becoming more widely used across a number of industries to provide secure data systems for customers. The most popular factors are as follows:
- Knowledge factors – “that which you know” for example, password or questions that are only applicable to the specific user
- Possession factors – “that which you have”, e.g remote tokens, bank/credit card details
- Inherence factors – “that which you are”, over the past 5 years, facial recognition and biometric fingerprints have become commonplace for multi-factor authentication
While Open Banking regulations were introduced to enable customers to access banking services safely, it’s become clear that these glaring issues remain in relation to the Second Payment Services Directive.
If we break this down it’s clear that the regulations around the Strong Consumer Authentication contribute to the overriding issues of multi-factor authentication. Consumer data is at risk, which therefore encourages risky consumer behaviour. As FinTech firms, it’s our responsibility to take additional security measures, so how exactly do we tackle the issue of Open Banking?
The overreaching risk of consumer data poses a threat to the industry as a whole, so in the effort to remain compliant with regulations such as PSD2, it’s a given that the majority of Open Banking businesses will turn to SCA rollout across customer accounts.
The pros and cons of SCA
SCA is being put in place to protect consumer data, which will prevent the continued rise of fraudulent claims and legal issues. In order for this to work as a whole user experience will need to be taken into consideration. Multi-factored authentication can present issues throughout the customer journey and can lead to customers resorting to unsafe practices.
For example, a customer may choose to use a single password for each factor, instead of opting for more sophisticated, alphanumerical passcodes. This can be extremely problematic as it leaves accounts just as vulnerable as they were prior to the SCA roll out.
Choosing inherence factors as a step can be exclusive of customers who may not have the biometric fingerprint or facial recognition options, so it’s important to provide multiple factors that the customer can choose for themselves. This again can be problematic for UX and can become a costly development job for Open Banking businesses.
Overall, this roll-out will require full compliance from customers which means using different passwords that are harder to guess. The main issue for multi-factor authentication is consumer protection, so this will require cooperation from both Open Banking applications and customers.
About the Author
Alice Porter is a financial writer and analyst for UK Bridging Loans. She aims to share her insight on multi-factor authentication with consumers and business owners alike.
Please leave your questions and comments below: