
Get Strong Customer Authentication Ready for PSD2



Banks are standing face to face with the PSD2 go-live deadline; however, they are still not ready to roll out their interfaces with Strong Customer Authentication (SCA). For this reason, the Financial Conduct Authority (FCA) agreed to give an extra 18 months for the roll-out of SCA.

SCA ensures that third parties consume financial APIs only with the explicit consent of the customer, and that authentication provides multiple levels of assurance of the customer's authenticity. WSO2 Open Banking enables compliance with SCA and provides extensibility, allowing configuration of custom authentication methods such as SMS one-time password, out-of-band authentication, etc.

This deck covers in detail:
- An introduction to PSD2 AIS and PIS flows
- The basics of SCA
- Configuration of Multi-Factor Authentication with WSO2 Open Banking
- Additional Adaptive Authentication with WSO2 Open Banking Business Intelligence

Watch the webinar on-demand here -

Published in: Technology

  1. Get Strong Customer Authentication Ready for PSD2
     Kaveen Rodrigo, Senior Software Engineer
  2. Webinar Outline
     ● Motivation for this webinar
     ● Defining Strong Customer Authentication (SCA)
       ○ SCA in the context of Open Banking flows
       ○ Three elements of SCA
       ○ User experience impact of SCA
     ● Providing better SCA experiences for customers
     ● How WSO2 Open Banking enables SCA
  3. Motivation
  4. Stakeholders Not Ready For SCA
     ● Financial Conduct Authority UK pushes SCA deadlines 18 months ahead.
       ○ Acknowledges the complexity of SCA requirements and customer adoption
       ○ Phased roll out of PSD2 SCA
  5. Strong Customer Authentication
  6. What’s SCA Trying to Solve?
     • PSD2 allows accredited third parties to gain access to customer accounts/payments with customer consent
     • Ensures the consenting customer is not a fraudulent entity attempting to gain access
  7. (Flow diagram; actors: TPP, ASPSP, PSU)
     1. Initiating Application
     2. Request Consent
     3. Confirm Consent
     4. Sent Consent Status
     5. Perform Transaction
  8. Benefit of SCA for Open Banking
     • Transactions only take place with user consent
     • Gives assurance to banks and users that the request was understood and agreed upon (WYSIWYS)
     • Promotes transparency throughout the transaction to consumers and the bank
     • Strongly authenticates the user to avoid any fraudsters
  9. Strong Customer Authentication
     • SCA is a mandatory requirement for PSD2 implementers
     • Authentication should take place in two or more elements
     ‘strong customer authentication’ means an authentication based on the use of two or more elements - PSD2
  10. The Three Elements of SCA
  11. What is Considered as SCA?
      ✅ User identifier and password (Knowledge) and SMS one time password (Possession).
      ✅ Private pin (Knowledge) and OOBA fingerprint authentication (Possession/Inherence)
      User Identifier and password (Knowledge) and Security Pin (Knowledge)
  12. Unwanted Effects of SCA
      • Existing internet banking customers who aren’t familiar with multi-factor authentication
      • Continued use of SCA may tire customers and cause friction in minimum-risk transactions
      • Hindrance to user experience
  13. Providing Frictionless SCA Experiences
  14. Introducing Customers to SCA
      ● Strategy to roll out SCA incrementally to help adoption of open banking:
        ○ Easing the SCA process on initial roll-out
        ○ Getting customers to adopt SCA-compliant second factors
  15. Authorisation User Interfaces
      “Consumer research has shown that people find a recognisable ASPSP login page and process reassuring and increases their confidence in the journey”
      ● Customer Experience Guidelines 7.2
  16. Clarity of Consumer Consent
      “Research amongst consumers has shown that the summary information step acts as a confirmation of exactly what they have consented to”
      ● Customer Experience Guidelines 7.2
  17. Use of Decoupled Authentication
      “Research shows that consumers are familiar with decoupled authentication when making a payment or setting up a new payment ... Many welcome the additional level of security decoupled authentication provides.”
      ● Customer Experience Guidelines 7.2
      (Diagram: TPP and Bank; TPP Consumption Device and Authorisation Device; steps 1 to 4)
  18. Adaptive Authentication
      With adaptive authentication, SCA is only applied in scenarios where the transaction risk is high; the SCA process is therefore applied intelligently.
      (Flow diagram)
      • Transaction amount > 30 Euros: Basic Authentication → Second SCA element → Authenticated With SCA
      • Transaction amount < 30 Euros: Basic Authentication → Authenticated With CA
  19. How WSO2 Open Banking Enables Effective SCA
  20. Customization Flexibility
      ● WSO2 Open Banking provides flexibility to customize the SCA flow
        ○ Custom Authenticators
        ○ APIs for consent management
        ○ Authorization portal customization
  21. Authentication Freedom
      • WSO2 Open Banking is built on top of the WSO2 Identity Server and comes with the same flexibilities
      • Already existing zero-code pluggable authenticators
      Authenticator = SCA Element
  22. Adaptive Authentication Capability
      • WSO2 Open Banking provides flexible adaptive authentication scripting
      • WSO2 Open Banking business intelligence provides out-of-the-box transaction risk analysis and fraud detection
  23. Takeaway Points
      • SCA is an integral part of PSD2 Open Banking
      • The implementation strategy will play an important role in the adoption of open banking
      • Special thought on UX is necessary when selecting factors for SCA
      • Flexible SCA options will encourage different consumer groups to adopt open banking
  24. Any Questions?
  25. Learn More On WSO2 Open Banking
      More Information
      Try out WSO2 Open Banking
      Get in Touch
  26. THANK YOU
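
The "What is Considered as SCA?" and "Adaptive Authentication" slides can be combined into one step-up decision. The sketch below is an added example, not WSO2 Open Banking code or its scripting API; the names `ELEMENTS`, `isSca` and `decide` and the authenticator identifiers are hypothetical, and the catalogue is constructed from the categories the slides give.

```javascript
// Constructed catalogue: one authenticator = one SCA element (slide 21),
// tagged with the category or categories the slides assign to it.
const ELEMENTS = {
  password: ['knowledge'],
  securityPin: ['knowledge'],
  smsOtp: ['possession'],
  oobaFingerprint: ['possession', 'inherence'],
};
const LOW_VALUE_LIMIT_EUR = 30; // threshold shown on the adaptive authentication slide

// True when two of the completed elements can be assigned different categories.
function isSca(completed) {
  const cats = completed.map((name) => {
    if (!ELEMENTS[name]) throw new Error(`unknown authenticator: ${name}`);
    return ELEMENTS[name];
  });
  for (let i = 0; i < cats.length; i++) {
    for (let j = i + 1; j < cats.length; j++) {
      if (cats[i].some((a) => cats[j].some((b) => a !== b))) return true;
    }
  }
  return false;
}

// Decide what the login flow does once the steps in `completed` have succeeded.
function decide(amountEur, completed) {
  if (completed.length === 0) {
    return { action: 'prompt', offer: Object.keys(ELEMENTS) };
  }
  if (isSca(completed)) return { action: 'allow', level: 'SCA' };
  // Fail closed: a missing, negative or non-numeric amount counts as high risk.
  // Exactly 30 EUR is not covered by the slide; it takes the stricter path here.
  const lowValue = typeof amountEur === 'number' && Number.isFinite(amountEur)
    && amountEur >= 0 && amountEur < LOW_VALUE_LIMIT_EUR;
  if (lowValue) return { action: 'allow', level: 'CA' };
  // Offer only the second factors that would actually complete SCA.
  const offer = Object.keys(ELEMENTS).filter(
    (name) => !completed.includes(name) && isSca([...completed, name]));
  return { action: 'prompt', offer };
}
```

For a 50 EUR payment after a password login, `decide` offers the SMS one-time password and the OOBA fingerprint but not the security pin, because a second knowledge element would not complete SCA.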