Turn mandatory PSD2 compliance into a strategic advantage with Entersekt

Jonathan Knoll | 08 November 2017

PSD2 introduces an entirely new market dynamic. While it will bring banks a new burden of compliance and open them up to increased liability, this regulatory framework also comes with exciting new opportunities for revenue. Although much has been written about the PSD2 requirement of strong customer authentication (SCA) for securing interactions, not much has been said so far about the new form of relationship between banks and their customers that PSD2 will create – not to mention the twist that third-party providers (TPPs) will add. Banks are faced with the challenge of complying with a vast set of new requirements while also preparing for a whole new business dynamic, and in record time.

At Entersekt we have worked hard to plot a clear path to success for our clients: turning PSD2 compliance into a new business opportunity, creating a competitive edge and revenue driver. Entersekt’s solution does not just ensure SCA compliance, but establishes a future-proof foundation for your organization and delivers a superior mobile user experience, while also enabling a range of new and innovative service possibilities. We believe the road to a successful SCA rollout lies in following three steps.

1. Offer audit-ready SCA compliance

Your organization needs to become SCA-compliant by the time PSD2 takes effect, and be able to prove that compliance to regulators. The Regulatory Technical Standards (RTS) describe what is required to comply with strong customer authentication. We believe the most important aspects are as follows:

  • Strong customer authentication is required for all proximity and remote transactions performed on any channel. SCA entails using two factors of authentication out of a possible three (knowledge, possession and inherence). At Entersekt, we believe the possession factor – the customer’s mobile phone, which they always have with them – is paramount, combined with other factors, such as PIN/password or biometrics, in a layered approach.
  • The authentication code for any transaction must be dynamically linked to both the amount and the payee. This has been a core feature of our product since its inception.
  • The separation and independence of the SCA elements. This can be achieved by leveraging Entersekt’s fully encrypted, out-of-band authentication channel. Our solution gives you the ability to both initiate and authenticate a transaction in one app on one device. We pioneered this technology back in 2008, and it has been central to our approach since. We have a track record of success in implementing it, with many lessons learnt that our clients can benefit from.
  • The ability to securely associate the customer with their personalized security credentials, their authentication device(s), and any software that will be used in authentication. In other words, OTP is no longer a viable option – something that leading analysts like Gartner as well as regulatory and industry associations have been saying for years.
  • The ability to monitor the access that new third-party providers (TPPs) will have to customer data, aided by strong customer consent – in other words, non-repudiable signed proof of a customer’s consent to grant a TPP access to their data. The way to ensure this proof is to obtain digitally signed customer mandates for all transactions.

Entersekt’s SCA solution meets all RTS requirements and has a proven track record of securing billions of transactions. By choosing Entersekt as your PSD2 partner, your organization will benefit from a solution that is scalable and has been judged to be compliant by external assessors. Yet our Transakt technology is about more than just ticking a regulatory box. Solid security lays the foundation on which you can build all manner of innovative new features and services, with no concerns about fraud.

2. Provide a consistent, winning user experience

With PSD2 enabling many new interactions, the user experience you offer will be key to your success. We believe that in the post-PSD2 world, forward-thinking organizations will build customer-centric experiences that empower users to interact from anywhere, at any time, strengthening their trust relationship with each interaction.

One approach to this that has worked really well for one of Entersekt’s customers is to follow a mobile-first strategy. Since deploying our technology, Capitec Bank (ranked the best retail bank in the world by Lafferty Group for two consecutive years) has doubled its client base, and boasts a 90% satisfaction rate in their app feedback – not to mention the cost savings the bank is seeing due to customer interactions moving from in-branch to mobile.

How can your organization follow the same path?

  • Offer converged authentication, i.e. use the same SCA method for multiple use cases, delivering a consistent user experience across all channels. This makes authentication easy, builds user trust, and also leads to a low total cost of ownership (TCO), since you only have to support one authentication platform.
  • Make your authentication method easy to use, and users will adopt it for everything. Instead of shying away from interacting with customers for authentication, make each time you interact with your user via your SCA channel an opportunity to build trust with them. Under PSD2, where many new TPPs will interact with your users, that trusted interaction will become crucial.
  • Provide encryption of sensitive data residing in the mobile banking app (for example, by leveraging Entersekt’s “Data Safe” feature, which allows users to encrypt data both on the phone and in the cloud).
  • Become the trusted party that protects your customer’s digital assets. Enable your customer to be the gatekeeper for access during high-risk interactions by empowering them with real-time prompts over a trusted channel.

Most of the new interactions with third parties that will become possible because of PSD2 will occur on the mobile channel. Mobile interaction is therefore key to your organization’s success.

3. Enable evolution

Can you turn a mandatory compliance requirement into a strategic advantage? Entersekt believes that the answer is yes. You’ve already allocated funding to PSD2 compliance, so why not turn it to your benefit? We recommend the following approach:

  • Implement a solution that covers all user and authentication lifecycles: rollout, maintenance, account recovery, off-boarding and the addition of new channels. Invest in a solution that was designed for the mobile and online world. This will enable flexibility, so that you can adjust for future RTS revisions without having to implement a new solution.
  • Drive significant cost savings by leveraging a single authentication platform for all authentication use cases, while building trust with a consistent experience across all channels. At the same time, your trusted channel to your end user will enable you to serve your customers faster and more economically.
  • Once you’ve established yourself as the trusted keeper of your customer’s digital assets, and have a secure channel to your customer in place, you can add new digital services that your customer can access from anywhere and at any time. This will not only retain existing customers, but also attract new ones. A core tenet of PSD2 is to empower the consumer to be in control of their data. Allowing customers to approve every single banking or other transaction on their mobile phone provides that empowerment.

Once a bank becomes the keeper of its customers’ digital assets, the bank’s strategic position vis-à-vis their customers and TPPs changes. The bank does more than just deliver a commodity, and is more than a “dumb pipe”: it becomes the custodian of all current and future digital assets, whatever form these may take. The bank also provides services built around access to and management of these valuable assets, thereby solidifying its position as a strategic cog in the value chain. The bank remains the trusted party and retains its relationship with customers, while third parties offer services that leverage this access to digital assets. 

In this way, instead of just being a burdensome box to tick, PSD2 becomes the vehicle for banks to establish and solidify their value proposition in the digital landscape of the future. Banks that embrace this opportunity to reposition themselves will flourish and grow stronger, while banks that do not will be at risk of becoming nothing more than a commodity service provider.

About the author

Jonathan Knoll

Country manager Central Europe

Jonathan brings us over 25 years’ experience in business development, strategy, marketing, and sales in the United States and Europe. Most recently, he served as director of financial services strategic partnerships at PayPal, building on his already extensive knowledge of the digital payments and financial services industries.
