Strong Customer Authentication

Overview

Adaptive authentication helps banks to deliver strong customer authentication

PSD2 in Europe and 3-D Secure 2 globally require payment service providers to develop compliant identity authentication strategies that are risk-based and take account of customers’ abilities and preferences. With adaptive authentication, decisions about when to deploy authentication and what methods to use are appropriate and optimized for each occasion.

What authentication strategies are banks investing in?

As payment service providers adapt their authentication strategies to meet the requirements of 3-D Secure 2 and PSD2 Strong Customer Authentication, we wanted to know more about their priorities. FICO’s 2020 banking survey found the following near-term investment priorities:

55

%

Percentage of banks planning to enhance customer experience of existing authentication

52

%

Percentage of banks planning to enhance device recognition capabilities

51

%

Percentage of banks planning to enhance biometric capabilities

51

%

Percentage of banks planning on improving the collective working of existing authentication capabilities across areas

Take a risk-based approach to strong customer authentication

Financial services organizations want to make a proportionate response to risk that is also compliant with regulatory and scheme rules.

When strong customer authentication is applicable, customers must be authenticated using at least two factors each from a different category of inherence, possession, and knowledge.

Something you are; this includes physical biometrics such as fingerprints, facial images, and voiceprints, and behavioral biometrics such as keystroke analysis.

Something you have; device telemetry and one-time passcodes delivered by SMS, email, or within applications are authentication methods based on the possession factor.

Something only you know; passwords and secret questions are examples of authentication using knowledge.

A risk-based approach balances the demands for account security and excellent customer experience while meeting the requirements of regulation and scheme rules.

Authentication is adapted to the circumstances present, be that customer preferences, level of risk, risk appetite, or cost of authentication; authentication decisions that are appropriate in every instance.

The combination of authentication and fraud data leads to better decisions; for example, authentication data from a customer’s device combined with transactional information lets you know that they are present where a purchase is being made.