Get Strong Customer Authentication Ready for PSD2
2 likes423 views
This webinar discusses getting ready for Strong Customer Authentication (SCA) requirements under PSD2. SCA requires authentication using two or more elements to help prevent fraud. The document outlines the motivation for SCA, defines its three elements, and discusses its potential negative impact on user experience. It suggests introducing SCA incrementally to help adoption and providing frictionless experiences. WSO2 Open Banking is highlighted as enabling effective SCA through customization flexibility, authentication freedom, and adaptive authentication capabilities.
Get Strong Customer Authentication Ready for PSD2
- 1. Get Strong Customer Authentication Ready for PSD2 Kaveen Rodrigo Senior Software Engineer
- 2. Webinar Outline ● Motivation for this webinar ● Defining Strong Customer Authentication (SCA) ○ SCA in the context of Open Banking flows ○ Three elements of SCA ○ User experience impact of SCA ● Providing better SCA experiences for customers ● How WSO2 Open Banking enables SCA
- 3. Motivation
- 4. Stakeholders Not Ready For SCA ● Financial Conduct Authority UK pushes SCA deadlines 18 months ahead. ○ Acknowledges the complexity of SCA requirements and customer adoption ○ Phased roll out of PSD2 SCA https://www.fca.org.uk/news/press-releases/fca-agrees-plan-phased-implementation-strong-customer-authentication
- 6. What’s SCA Trying to Solve? • PSD2 allows accredited third parties to gain access to customer accounts/payments with customer consent • Ensures the consenting customer is not a fraudulent entity attempting to gain access
- 7. 1. Initiating Application 5. Perform Transaction TPP ASPSPPSU 2. Request Consent 4. Sent Consent Status 3. Confirm Consent
- 8. Benefit of SCA for Open Banking • Transactions only take place with user consent • Gives assurance to banks and users that the request was understood and agreed upon (WYSIWYS) • Promotes transparency throughout the transaction to consumers and the bank. • Strongly authenticates the user to avoid any fraudsters 8
- 9. Strong Customer Authentication • SCA is an mandatory requirement for PSD2 implementers • Authentication should take place in two or more elements 9 ‘strong customer authentication’ means an authentication based on the use of two or more elements - PSD2
- 10. The Three Elements of SCA 10
- 11. What is Considered as SCA? ✅ User identifier and password (Knowledge) and SMS one time password (Possession). ✅ Private pin (Knowledge) and OOBA fingerprint authentication (Possession/Inherence) User Identifier and password (Knowledge) and Security Pin (Knowledge) 11
- 12. Unwanted Effects of SCA • Existing internet banking customers who aren’t familiar with multi-factor authentication • Continued use of SCA may tire customers and cause friction to minimum risk transactions • Hindrance to user experience 12
- 14. Introducing Customers to SCA ● Strategy to roll-out SCA incrementally to help adoption of open banking: ○ Easing the SCA process on initial roll-out ○ Getting customers to adopt an SCA compliant second factors 14
- 15. 15 Authorisation User Interfaces “Consumer research has shown that people find a recognisable ASPSP login page and process reassuring and increases their confidence in the journey” ● Customer Experience Guidelines 7.2
- 16. 16 Clarity of Consumer Consent “Research amongst consumers has shown that the summary information step acts as a confirmation of exactly what they have consented to” ● Customer Experience Guidelines 7.2
- 17. 17 Use of Decoupled Authentication “Research shows that consumers are familiar with decoupled authentication when making a payment or setting up a new payment ... Many welcome the additional level of security decoupled authentication provides.” ● Customer Experience Guidelines 7.2 TPP Bank TPP Consumption Device Authorisation Device 1 2 3 4
- 18. 18 Adaptive Authentication With adaptive authentication, SCA is only applied in scenarios where the transaction risk is high, therefore the the SCA process is applied intelligently. Transaction amount > 30 Euros Transaction amount < 30 Euros Basic Authentication Second SCA element Basic Authentication Authenticated With SCA Authenticated With CA
- 19. How WSO2 Open Banking Enables Effective SCA
- 20. Customization Flexibility ● WSO2 Open banking provides flexibility to customize the SCA flow ○ Custom Authenticators ○ APIs for consent management ○ Authorization portal customization 20
- 21. Authentication Freedom • WSO2 Open Banking is built on top of the WSO2 Identity Server and comes with the same flexibilities • Already existing zero-code pluggable authenticators Authenticator = SCA Element https://docs.wso2.com/display/OB140/Adding+Custom+Authenticators 21
- 22. Adaptive Authentication Capability • WSO2 Open Banking provides flexible adaptive authentication scripting • WSO2 Open Banking business intelligence provides out-of-the-box transaction risk analysis and fraud detection https://docs.wso2.com/display/OB140/Integrate+Open+Banking+Business+Intelligence 22
- 23. Takeaway Points • SCA is an integral part of PSD2 Open Banking • The implementation strategy will play an important role in the adoption of open banking • Special thought on UX is necessary when selecting factors for SCA • Flexible SCA options will encourage different consumer groups to adopt open banking 23
- 24. Any Questions?
- 25. Lean More On WSO2 Open Banking More Information http://wso2.com/solutions/financial/open-banking/ Try out WSO2 Open Banking https://openbanking.wso2.com Get in Touch openbankingdemo@wso2.com