PSD2 will not only bring more competition to the existing players; it is also driving innovation through their core business models, which could lead to reduced market share, rapid migration of user behaviours and an additional set of rules and regulatory frameworks to operate under, further increasing the cost of doing business.

Traceability is one of the key worries: how liability will be allocated in the event of a customer being compromised, and how to trace who is at fault in the ever-expanding layers of controllers and processors operating in the open environment. With being used across platforms, one threat to fintechs is how they can prove they do not have liability when customers experience identity theft, or their account details are misused. Hence the requirement in PSD2 for Professional Indemnity Insurance.

The principle of customers being able to choose from a wider selection of services, and easily obtaining comprehensive aggregated data about the status of their accounts, will surely mean better value, convenience and more transparent services for the customers.

There are threats to customers if Open Banking participants are not able to undertake Strong Customer Authentication (SCA) and Strong Customer Electronic Identification (SCeID). This could not only result in exposure to local regulation, but if customer identity is not authenticated correctly, GDPR and its significant penalties could come into play. The opportunities: one identity, single log-in, one password = convenience!

When authentication is required, three factors will be applied: something the customer is, something the customer has and something the customer knows. There will be a radical shift away from physiological biometrics (such as face, iris, fingerprint) towards smart behavioural geo-positioning biometrics, further strengthening and streamlining the identity authentication process.

Authenticating through out-of-band “smart ” could mean authentication undertaken through a data stream independent from the main in-band data stream. An out-of-band authentication provides a conceptually independent channel, which allows any data sent via that mechanism to be kept separate from in-band data. If that authentication (as detailed in the previous question) were stateless, meaning that once complete it would leave no trace that it existed, this could prevent some of the vulnerabilities in the authentication process.

Companies like LiveEnsure that offer true user experience with mobile authentication for the crowd in the cloud, providing multiple factors of from a single API, should be making the biggest change in this field.
