If you're operating in Europe or the UK, then you've no doubt heard of PSD2. However, you may not have heard about it recently.
Here's an update on what you need to know about PSD2, which countries have adopted it so far, and how you can keep customers secure while becoming PSD2 compliant.
Everything you need to know about PSD2
PSD2 is an EU policy (that has also been implemented in the UK) designed to promote open banking. Open banking is when a financial institution securely opens up its customers' data and accounts to other financial institutions. This allows many apps, services, and newcomers to the financial sector to thrive and provides customers with new options.
While there are challenges tied to keeping open banking secure (more on that in a minute), it's benefited the countries that have implemented it so far.
PSD2 adoption progress
For the most part, PSD2 has been adopted in a reasonable timeframe by most EU countries. And those that have adopted it have given flexible timelines to financial institutions in an attempt to give them plenty of time to adopt PSD2-compliant infrastructure and policies.
Below is a breakdown of various European countries that have or haven't adopted PSD2 yet and how it has affected their businesses and consumers..
The UK passed PSD2 into law on 13 Jan 2018, making it one of the earliest adopters of PSD2. This has led to 4 million active open banking users across the UK, marking the policy as a strong success.
France was a bit slower than the UK but still passed PSD2 in August 2018. France has seen great results from implementing PSD2, with FinTech investments up 80% in 2019 over 2018.
Spain is one of the last countries to implement PSD2 and has only promised to implement it so far. The Spanish parliament hasn’t ratified PSD2 into law yet because some Spanish political parties want to add amendments that will be favourable to FinTech companies.
Like the UK, Germany passed PSD2 on 13 Jan 2018. This has helped make banking in Germany more open and, importantly, much more secure. It's also brought about new competitors in the banking space, which has benefited consumers and entrepreneurs alike.
Greece was another country that implemented PSD2 early on. Not only did the country approve PSD2 in 2018, but it also worked to create the Open Data Portal that same year. This portal makes it easy for financial organisations to share data securely.
No matter where you live, the need for strong 2FA is clear
One of the key aspects of PSD2 is its emphasis on 2FA, a.k.a. Two-Factor Authentication.
For those that don't know, 2FA is a means of securing an account that requires two unique pieces and types of information. Traditionally, all someone needs is a username/password combination.
2FA, however, requires two of the following types of authentication:
- Something the person knows (a password, answer to a personal question, etc.)
- Something the person has (a smartphone, separate online account, etc.)
- Something the person is (biometric data, like a fingerprint)
The best way to confirm something a customer has is through their smartphone
For now, the third type of 2FA authentication (something the person is) isn't a reliable ask for most users, as you can't currently assume that someone owns a device that can submit biometric data securely.
However, the first type (username/password combination) and the second type (confirming that someone is in possession of their smartphone) can be readily implemented thanks to one-time access tokens. These tokens are sent to a person's phone number and then entered alongside their username and password.
This is PSD2 compliant, relies on ubiquitous technology, is cost-effective, and doesn't inconvenience your customers significantly.
Mobile operators are uniquely positioned to determine if a device has been compromised
There are still some challenges with 2FA, including that it can be "hacked" by bad actors gaining access to a person's phone number through SIM swap fraud. Unfortunately, this is a common type of fraud and one that is relatively simple to pull off.
Fortunately, though, mobile operators like JT are uniquely positioned to counteract this fraud. JT has access to data that can determine if SIM swap fraud has occurred with a high degree of certainty, preventing illegitimate access to someone's financial resources.
For more information on how JT can help secure your financial institution and customers, particularly in the wake of PSD2 and the growing need for compliance, reach out to our team of experts today.
You can learn more about JT’s Fraud Protection Service by downloading the JT Fraud Protection Services Overview today.