Ben Gidley, Director of Technology at Irdeto
“When looking at the final draft of the EBA’s Regulatory Technical Standards, outlining the Second Payment Services Directive (PSD2), the impact this will have on consumer experience is key. Under PSD2, consumers will be able to visit third party sites and allow them to view and act on their bank accounts. The flow of this, however, is relatively complex as it means the consumer has to use 2 factor authentication the first time they want to use it and every 90 days, which runs the risk of putting some consumers off. Third parties are likely to have to integrate with banks to authenticate accounts, making the process of accessing financial services more complicated.
A fluid ease of service through third parties and the banks will be key for the success of this new initiative, with both parties working in partnership to provide a seamless process, ensuring that high standards of consumer experience and security are met. Until PSD2 is implemented it is unknown whether this initiative is sufficient to stir up the European banking market. It is likely that new players in the payments space could struggle, due to necessary integration with banks and FIs.
In addition to this, the issue of security authentication must also be considered. The standards outlined in the report mandate using advanced security technology to protect the communications between the server and the client. Banks must ensure that communications are effectively secured against interception – for example from MITM attacks. Solid tamper detection for all applications used to enrol users into the service is necessary. Opening up APIs introduces a whole host of new vulnerabilities which can be exploited by hackers; therefore it is vitally important that security providers are watching the developments of the PSD2 standards closely until implementation in January 2018.”