The EU's Payment Services Directive II (PSD2) has generated many questions from the financial services and payments industry. So much so that we have found some in the industry turning to RSA for advice and guidance on the key considerations they need to put forth as they prepare to issue requests for proposals from potential consumer authentication providers.
Aside from the regulatory and industry standards that organizations must contend with, they also find themselves in a tough spot when it comes to providing mobile services for their customers that are both convenient and secure. With mobile devices becoming the number one cybercrime target, organizations cannot afford to forgo security in this rapidly growing channel.
If your organization is currently in the process of seeking to add or upgrade consumer authentication services, or plans to in the near future, RSA has a practical checklist of five key questions you should be prepared to ask consumer authentication providers:
- What array of authentication choices do you offer to support a multi-channel environment?
The fact is, we no longer live in a Web-only world, and as the volume of mobile transactions continues to grow, an authentication solution should be able to address the unique requirements of end users regardless of the channel they choose. For example, for high-risk transactions in the Web channel an organization may choose to challenge a user with an out-of-band SMS, but want to prompt for biometrics for the same transaction coming from a mobile device. The bottom line: Choice is an essential component of user experience.
- Is the security "convenient" for the end user?
The "balance security and convenience" debate is more than just a marketing tagline. It is a very real business challenge that organizations face, especially as it pertains to consumer-facing websites and applications. Many elements factor into convenience, including customer authentication choice, challenge rates, and false positives/negatives.
- What is the average fraud detection rate over time?
Fraud levels are on the rise around the world, with mobile becoming the number one cybercrime target, both as an originator (60 percent of overall fraud now originates from a mobile device) and as a target. Many authentication solutions can meet the convenience test, but a solution that can be easily bypassed or spoofed fails to meet the critical requirement of being secure and being able to demonstrate fraud reduction.
- Does the solution offer a 'mobile-first' strategy?
Simply put, a consumer authentication vendor must meet the demands of millions of global consumers who prefer to transact from their mobile devices by designing authentication solutions that put mobile first. This is not limited to design, but should extend to fraud detection and prevention, as the risk indicators for a Web transaction are going to be different from those for a mobile transaction. Therefore, a consumer authentication solution should also offer optimized risk modeling to address fraud detection across multiple channels.
- Does your consumer authentication partner have the ability to provide insight into the impact on your authentication services from existing and expected regulations?
Government and industry standards, such as PSD2 and 3D Secure 2.0, are helping to propel the adoption of consumer authentication across the globe. Solution providers should actively participate in and influence these key initiatives so that they can fully understand how they impact your business strategy.
Regulators are adapting existing regulations or introducing new ones to ensure that consumers are protected when using the latest digital services. While there are other considerations that your organization will likely have, these five questions are the ones that RSA unequivocally finds to be among the most common questions asked. A trusted technology partner should be able to answer them with ease.
Download a copy of the full report, "Key Considerations for Selecting a Consumer Authentication Vendor" for additional insight.