Guest Blog
The Real World of Implementing Strong Customer Authentication from the SCA Summit

Guest Post by Eric Gilmore, Head of Pre-Sales Consulting, EMEA at Daon

Daon’s EMEA team recently attended the SCA Summit in London, an event that focused on getting ready for Strong Customer Authentication under PSD2. It’s certainly topical with the deadline for implementation of the Regulatory Technical Specifications (RTS) in mid-September this year. There was an array of speakers from banks, schemes, the UK regulator and solution providers. Daon’s Chief Architect, Paul Kenny, participated in an expert panel on the day.

Here are some of the things we learned (or were reminded of) and that could be useful for others in the midst of implementing solutions for the RTS:

Among the comments made by Caroline Ambrose of Barclays, the core theme was to think of the impact across all categories of customers. She identified six – including those for whom fraud has not just financial but emotional consequences. A key theme for her was thoughtful and iterative communication around the changes that are coming. Daon’s advice in this area includes offering options to customers and using a consistent authentication method.

  • Duncan McIntosh from RBS talked about how the bank is bringing in a multi-factor authentication platform that gives them the best methods of authentication available in the industry. He emphasised the RTS’s requirement for independent methods, where having the ability to use server biometrics is valuable, such as being able to capture a face during onboarding and then use it for key security events during the customer’s lifetime. RBS is looking at reducing the use of card readers and SMS OTPs over time and moving towards mobile app authentication, with device risk assessment factors and biometrics as key elements.
  • Caroline Birchinall from Visa talked about how use of the new generations of 3DSecure will help merchants and their processors as well as the acquirers and issuers to be compliant with PSD2. The upcoming 2.2 version will provide the best authentication experience with biometrics, and Visa will mandate European issuers to have a biometric option from April 2020. While adoption of 3DSecure amongst merchants across Europe is still low, the UK is a good example of how a well-implemented 3DSecure solution can reduce both fraud and transaction abandonment rates. With the risk-based method commonly used by UK issuers, abandonment rates are at 3% even while there is a higher rate of usage of 3DSecure than in other markets at 26%. It is clear from this presentation and others that awareness of the potential impact of the RTS amongst merchants and perhaps their processors is not yet sufficient – according to Visa, adoption of the latest 3DSecure versions is vital to reduce friction at checkout. For issuers, using biometrics is one of the key steps to prepare for SCA.
  • Amongst the topics addressed by Rob Woods from Lloyds Bank were attention to detail and testing in how you communicate when signing customers up for new authentication methods - in their experience, every word matters.
  • Tim Richards from Consult Hyperion also emphasised that from his consulting work with merchants, he sees that low levels of rollout of 3DSecure amongst merchants and how this will be a barrier to ensuring that payments are compliant with PSD2. Adaptation of ACS technology will be key. Later last week, the EBA acknowledged this concern around the readiness of the European Ecommerce marketplace – we’ll have an update on their latest communication on our blog soon.
  • Representing the UK’s national competent authority and banking regulator, Alex Roy from the FCA spoke about how innovation in payments, which the FCA encourages, can be followed by misconduct. This is why the FCA is encouraging pragmatic adoption of the RTS, including careful use of the exemptions allowed to reduce friction.
  • In the afternoon panel, Paul Kenny, Daon’s Chief Architect for EMEA was among the speakers along with representatives from Starling Bank, Visa and experienced consultants. There was a good deal of discussion around the understanding of the RTS in the industry and readiness for the fast-approaching September deadline. Paul was amongst those to point out some of lesser known aspects of the RTS including the need to use a two-factor authentication approach during the registration of the credential to be used during SCA (and for lost credential resets). Starling Bank is in the enviable position of having all its customers enabled for multi-factor authentication via its mobile app (as well as being API-driven) – the panel agreed that other payment service providers see this as a key method of authentication but may use lesser approaches at the deadline and then plan follow-on projects to attain a better customer experience. This could be a key differentiator between providers in the market, though, so they won’t want to wait too long.

         SCAPanel

Despite the difficulties that could lie ahead in the short term, the panel agreed that SCA has the potential to reduce fraud by introducing multi-factor authentication, and when implemented with care can offer a good user experience.

Daon has been offering organisations a platform that is inherently multi-factor since we launched IdentityX. We are ready to help payment service providers to implement convenient, compliant multi-factor authentication and looking forward to increasing trust in payments in Europe.

For more information, contact us at info@daon.com.

Download our “5 Simple Rules for PSD2 Strong Customer Authentication” guide here.

Guest Blog
Leveraging Trust for Better Digital Transformation [Lagos]

Guest Post by Luqman Balogun, Divisional Director (Africa) Daon

Lagos is a megacity and a major financial hub in Africa. It is the location of choice for some of the biggest financial institutions on the continent, a budding fintech industry, and Daon too. 

Just over a week ago, we hosted our very first Biometric Identity event in Lagos where bankers and solution vendors converged from the financial services and telecom sectors including FirstBank, EcoBank, StanbicIBTC and UBA. 

A significant challenge in the market is identity verification which also impacts financial inclusion. The banks launched Bank Verification Number (BVN) in 2014 to address this challenge but customer enrollment is done through physical locations. In addition, transaction authentication is mostly PIN and password-based with some on-device biometrics mixed in. 

It was clearly established that there are opportunities for digital onboarding, which allows customers to register through mobile or web channels, strong multi-factor authentication for omni-channel platform and voice biometrics in the call center, which eliminates the need to speak to an agent or use KBA to verify your identity. 

The event provided great discussion, presented a vista of opportunities, and left our guests with a general realization that if banks want to innovate and simultaneously reduce fraud, authentication of users across multiple platforms/channels is a business imperative. In the two years that Daon has been operating in Africa, we’ve seen tremendous growth as more banks move toward digital transformation and seek a competitive edge by embracing innovative technologies.

Lagos Clive
Clive Bourke, President of EMEA & APAC, demonstrates Daon’s Universal platform for multi-factor authentication 

Lagos Attendees
Left to Right; Manoj Mudgal (Senior VP and Business Head - IsonBPO), Osagie Bright (Manager, IT- Ison BPO) and Sandra Enwezoh (Manager, Product Sales, Mastercard)

Lagos Clive1
Left to Right; Clive Bourke and Manoj Mudgal 

Lagos Group
Left to Right; Luqman Balogun (Daon), Vivien Agu (Head Contact Center Service Management FCMB), Clive Bourke, Lola Akinsola (Contact Center - Consumer Client Experience Management EcoBank), Olufemi Kolade (Daon)​

Lagos Luq
Luqman Balogun and Thessa Bagu (Representative - Enterprise Ireland)

If you are interested in joining us for our next seminar and would like information on future events, please contact us at info@daon.com.

Daon Blog Team
Insights from FODOx2019

Blog niall2

For those who weren't able to join us at the Future of Digital Onboarding and Customer Experience Summit for Financial Institutions in London earlier this month, the bad news is you missed a great conference and a particulalrly intriguing keynote from Daon's EMEA/APAC President Clive Bourke about the New Zealand Government's groundbreaking RealMe digital identity program.

The good news is -- you can still read the full story here.

And as an added bonus, Daon's Senior Project Manager Niall Humphreys spoke with FinTech TV about future of passwords, the financial industry, and the implementation of new technologies into banks. Watch the interview here.