By Tim Ayling, VP EMEA, buguroo
GDPR has helped make data protection a key risk for financial services companies. Leaking sensitive data can result in online banking fraud, not to mention the huge fines of up to 4% of global turnover or €20m– whichever is higher – that can be incurred as a result through non-compliance.
Now, new regulation in the form of PSD2, which again focuses heavily on consumer protection, is just around the corner, and banks must adapt again.
PSD2 aims to do three things: promote new players in an open banking landscape, reinforce the cybersecurity of payments and online fraud prevention, and empower consumer rights. In order to comply whilst retaining customers and continuing to attract new customers, financial services companies must work out how to create the right balance between a high level of security and a frictionless user experience, especially as currently most new customers are attracted digitally.
And where a company’s fraud detection methods are not sufficiently comprehensive, this new regulation will create huge friction in the user experience for their customers, as Strong Customer Authentication (SCA) will be required every time the customer attempts to pay online or access their online banking services, and when they initiate an electronic payment transaction over the value of €30.
SCA is when the payer must be authenticated by a Payment Service Provider (PSP) through at least two of these three factors: something you know (PIN number or password), something you have (a credit card or SMS One Time Passcode (OTP), and something you are (something that is inherent to you such as your fingerprint or behavioral biometrics).
To remove this extra friction for the end-user, financial services companies need to invest in a comprehensive anti-fraud solution that not only protects them from fraudsters, but actively enables compliance with financial regulation and simultaneously improves user experience.
Therefore, it is crucial to find ways to authenticate the user in the quickest and least obtrusive way possible. Most methods of authentication require some level of user interaction, for example the One Time Passcode (OTP) received in an SMS. One way to remove this extra step is through the use of behavioural biometrics, which can – in some instances – offer continuous analysis of thousands of parameters about each and every banking customer. These include, for example, the way in which they hold their phone or move the mouse.
Behavioral biometrics allow authentication to occur constantly and invisibly, having absolutely no impact on the customer. In fact, it renders their online experience more straightforward by removing the need for them to do anything except login whilst enabling the bank’s compliance with PSD2. The customer’s security is maintained and increased through continuous authentication during their session and the bank can access higher levels of customer acquisition through their offering a frictionless banking experience.
It’s not always practical to use SCA for every transaction, and there is an instance where SCA isn’t deemed necessary: low risk transactions, for example those that are under €30. If banks do not want to enforce SCA on such transactions, there is another option.
In this instance, PSD2 instead requires a Transaction Risk Analysis (TRA). This is where the risk of a transaction is measured by a solution that can provide a risk value in real time. Detecting malware in a user’s online session is required by PSD2 in building the risk score provided by this system, if they want to be exempt from enforcing SCA.
This is tricky, as banks cannot tell customers to install anti-virus software on their devices and it is not easy to find an agentless solution that has the ability to detect unknown malware. To comply with this element of PSD2, banks should seek out fraud prevention vendors providing solutions capable of detecting malware that is injecting or modifying code during a user session, as well as malicious apps or software that cybercriminals may have installed onto the user’s device.
Behavioral biometrics once again has a role to play here that can help customers to comply, enabling banks to analyze the user’s real-time behavior with parameters such as their historical behavior patterns and actions, characteristics of the device and the network they typically use, their geolocation data and many other types of information. Together, this information can generate a risk score that helps the bank to make an informed decision about the validity of the transaction being carried out.
We can see that regulators have made fraud prevention a cornerstone of PSD2, and how banks will need to turn to vendors who can help them comply with new regulation in the most comprehensive way possible.
Solutions involving behavioral biometrics and deep learning make it easier for fraud controllers to do their job, and to demonstrate that all avenues to mitigate fraud have been explored.
Criminals will always look for the path with the least resistance. Employing behavioral biometrics as part of a comprehensive security strategy means that businesses can reduce friction in the end-user experience through its invisible authentication factor. And as some anti-fraud solutions which employ behavioral biometrics do not use customers’ personally identifiable information (PII) in order to counteract banking fraud effectively, they can remain compliant with GDPR as well as PSD2.
RegTech 2020: The rise of Open Banking
This month on the RegTech 20:20 podcast, host Alex Ford is joined by industry experts Gavin Littlejohn, Chairman of The Financial Data and Technology Association (FDATA) and Jamie Leach, Regional Director of FDATA ANZ and Founder of Open Data Australia, to discuss developments in Open Banking, and the place of RegTech.
Today, the focus is on the digital customer experience and the insight offered indicates that there has been a major shift in the FinTech ecosystem as a source of potential innovation for banks, rather than being a direct competitive challenge.
In the podcast, Alex quizzes Jamie on the concept of sharing data and the impact of the introduction of Open Banking rules under the Consumer Data Right (CDR) in Australia. Jamie shares that it is an exciting time to be involved in the sector:
“…what we really need to consider is that Open Banking in Australia is very different to Open Banking in the UK. Really, what has spurred Open Banking in Australia under the Consumer Data Right is the pursuit of creating greater competition and greater innovation, while allowing consumers to do more with their data.”
Gavin, who has many years of experience in the industry and, as well as his role with FDATA is also a key member of the UK Open Banking Implementation Entity, speaks on the theme of advocating Open Finance in the UK.,’
Delving deeper into Open Banking, he highlights the fact that it has been an interesting journey and states that “the important thing to understand is the difference between the UK’s Open Banking order and the wider payment services directive.”
Not only concentrating on Australia, Jamie also works across the sector in the UK and, also looking at its evolvement here, she suggests that the people creating the rules are now taking notice, adding: “We are just getting started – the UK has been at it for nearly three years and it is still gaining momentum.”
With regards to future predictions, Jamie believes “It’s going to take 12, 18 or 24 months before we see any mainstream major adoption and where the potential of Open Banking can go in this market”
Moving to the differences between Open Finance and Open Banking. Gavin defines the latter as “payment initiation and access to payment data, which enables a third-party provider or fintech with a customer relationship to initiate a payment and get access to the data relating to transactions.”
“…the concept of Open Banking is a bit like electricity – you don’t use it directly; you use an appliance that uses it. This could mean loans, money management apps, or cloud accounting platforms, which all use Open Banking.”
Throughout the episode, both guests provide interesting insights and hint at the significant potential of Open Banking.and the connection to RegTech within this domain.
It is clear that what we see today is only the beginning. Despite the industry still being in the early stages of implementation in almost all cases, there is increasing interest in moving beyond this to include a far broader spread of financial products.
You can listen to the full episode at https://www.encompasscorporation.com/regtech2020-podcast/ or across all major platforms, including Apple Podcasts, Google and Spotify.
New digital first bank – Monument – announces its key technology providers
- Monument selects Mambu, Salesforce, Amazon Web Services, Persistent Systems and Accenture as key providers for its technology build
- Monument is the first challenger bank in the UK to service the unmet demands of more than 3.5 million mass affluent clients: professionals, property investors and entrepreneurs
- It is building a modern, unique, lego-like technology platform which takes best of breed SaaS providers and integrates them in a cloud based microservices architecture
- This will deliver an exceptional client experience and enable Monument to innovate and to introduce new components on a frequent basis
- Monument today announces that Mambu will be the central core banking engine in the platform alongside Salesforce for CRM, and AWS for cloud services
- Monument has also engaged Persistent Systems and Accenture Interactive to support the platform build
Following receipt of its banking licence with restriction on 6 October 2020, Monument has now signed agreements with a number of key technology providers to enable the build of its bespoke technology platform.
Monument wants to deliver exceptional client experiences by using technology solutions that are modern, flexible, easy to integrate and ultimately, if necessary, able to be replaced should the need arise. The design of its lego-like technology platform is Monument’s solution to the huge challenges faced by the legacy systems of established banks. Having assessed the market over many months, Monument concluded that no appropriate single solution existed in the market for the products and services that Monument will launch in 2021.
In addition, Monument only wishes to develop its own technology where it can deliver significant competitive advantage, for example in the mobile and web services to be used by clients. Much of the technology platform is therefore based on best of breed solutions from modern, cloud-based providers.
Mambu has developed the leading cloud banking engine which is an excellent fit for the platform that Monument is building. Similarly, Salesforce provides an industry leading CRM (customer relationship management) solution which can easily be integrated with Mambu and other solutions. AWS, as a leading provider of cloud-based infrastructure, provides a range of components to ensure the platform is reliable, scalable, secure and flexible.
To support Monument in building and integrating a platform with more than 18 different components/providers, Monument has chosen to work with Persistent Systems, a leading global solutions provider specializing in digital with extensive experience in software as a service (SaaS) solutions. To support Monument in rapidly building its mobile app and web-based channels, Monument has chosen to work with Accenture Interactive, which has significant expertise in building innovative digital experiences in both the financial and non-financial sectors.
Steve Britain, Monument’s Chief Operating Officer said:
“We have been working closely with our chosen providers for some months now, to lay the foundations for the build of our platform. We are delighted at how much we have already achieved, particularly as much of the work has been done by a highly distributed team because of COVID-19. We are now focused on completing the work to build a unique configuration of best in class software components that will make us highly flexible for the future and deliver market leading client service.”
More announcements will be made shortly as other key components of the architecture are confirmed.
Sudip Dasgupta, Monument’s Chief Technology Officer added:
“It was essential to me that we selected the strongest providers available. Those that offer us modern technology solutions with the best degree of integration that we need, together with flexibility for the future and proven operational reliability. In Mambu, Salesforce and AWS we have certainly achieved that objective and we are excited about our future engagement with them. Equally, as we rapidly build our platform for launching with clients in early 2021, we wanted support from providers who have been on this journey before and in Persistent and Accenture Interactive, I am delighted to say we have found that.”
Monument will be the only bank to offer its clients an entirely digital journey for buy-to-let and property investment lending of up to £2million. It will offer market leading, top quartile savings rates and its model is designed to reward loyalty. So, if a saver deposits money for a subsequent fixed term, they will get a better rate than a new customer. And a borrower who renews their loan will also be offered a favourable rate.
UKRSIBBANK, part of BNP Paribas Group, announces a strategic partnership with financial wellbeing startup Dreams, to enhance the digital user experience of its 2 million customers in Ukraine
- The technology powering popular consumer app, Dreams – which has helped 460,000 users save over 440M EUR – will be made available to UKRSIBBANK’s users in Ukraine.
- Through the integration of the Dreams platform within UKRSIBBANK’s own digital tools, customers of the bank can set and achieve money-saving goals, track and improve their financial lives.
Dreams (https://www.getdreams.com/en/b2b/), the Stockholm-born fintech empowering millennials to save and feel better about their money, today announces a strategic partnership with Ukrainian commercial bank UKRSIBBANK, a subsidiary of French international bank BNP Paribas Group.
This partnership follows the announcement earlier this year of Dreams’ first enterprise partnership with banking software provider Silverlake Symmetri, and the recent unveiling of a new department in Stockholm dedicated to the development of Dreams’ B2B partnerships. The announcement marks an expansion of the company’s business model as it consolidates its B2B offering and evolves its services as a provider of white label solutions for financial institutions.
Through the integration within UKRSIBBANK’s own digital tools of the Dreams Platform – which is rooted in scientific principles – customers can set and achieve money-saving goals through clever, automated saving features, in addition to nudges and saving hacks.
The Dreams Platform will be included as part of UKRSIBBANK’s digital banking offering for its 2 million+ customers, and is set to grant millions of potential consumers across Ukraine access to products which will help keep their finances on track and improve their financial lives.
The rise in digital self-help tools has long been anticipated by Dreams and forward-thinking financial institutions. The current global economic uncertainty brought about by the COVID-19 pandemic has also placed significant strains on people’s finances, and the demand for better personal finance tools has only accelerated. The partnership with Dreams is welcomed by UKRSIBBANK which is currently striving to equip its customers with the best possible banking solutions whilst helping them achieve a more sustainable lifestyle.
Dreams is firmly established as an authority in its industry, having launched its consumer-facing app in its native Sweden in 2016 and Norway in 2018 – where it has already achieved a 16% market share of all 20-39 year olds.
Henrik Rosvall, CEO and founder of Dreams, comments: “It’s a true honour to be partnering with UKRSIBBANK and BNP Paribas Group, and we’re incredibly excited to be introducing the Dreams solution to UKRSIBBANK’s customers and the wider Ukrainian market.
“Dreams and UKRSIBBANK can now lead the charge, with BNP Paribas Group’s corporate strategy having shifted in recent years to focus on guiding customers towards responsible consumption and sustainable personal finance management. I’m confident that our mission of helping millennials save more and feel better about their money makes us the ideal partners.
“Our financial wellbeing platform – which is built upon behavioural science and personal finance management principles – will provide the perfect tool for UKRSIBBANK to help its customers make better financial choices and become more sustainable in the way they handle their finances. This partnership will also help UKRSIBBANK safeguard the loyalty of its customers and futureproof its digital banking offering against a growing number of challenger banks and fintechs.”
Konstantin Lezhnin, Head of Retail at UKRSIBBANK BNP Paribas Group, comments: “I believe that banks have a role to improve their customers’ lives. Planning and saving for important life events improves our quality of life by reducing stress levels, and we wish to make our customers feel more confident and in-control of their lives.
“UKRSIBBANK has always applied innovative ways to assist our customers in financial planning, so we are very happy to now be working with Dreams, the best European player in behavioural savings. They have an extremely solid track record in Sweden and Norway based on scientific research, so we are confident that this partnership will work positively for our customers in Ukraine. This also demonstrates our strategy to cooperate with startups and innovative companies that seek ways to expand their operations.”
Beyond Transactions: The Payment Revolution
By Marwan Forzley, CEO of Veem The uninterrupted disruption brought on by the pandemic accelerated the need for robust, digital-first...
The UK’s hidden payments crisis: why businesses should rethink their payments strategy
By Edwin Abl, Chief Marketing Officer at Modulr. As the economic conditions imposed by the Coronavirus endure, businesses are facing a...
Investing into a more sustainable future: changing businesses from the inside out
By Shawn Welch, Vice President and General Manager of Hi-Cone Worldwide As industries across the world are facing unprecedented uncertainty...
Securing Information Throughout the Supply Chain – Preventing Supplier Vulnerabilities
By Adam Strange, Data Classification Specialist, HelpSystems The financial services sector is experiencing extreme disruption coupled with rapid innovation as...
RegTech 2020: The rise of Open Banking
This month on the RegTech 20:20 podcast, host Alex Ford is joined by industry experts Gavin Littlejohn, Chairman of The...
The case for AI technology adoption in financial back-office roles to improve efficiency
By Tomas Gogar, AI CEO, Rossum In this era, digital transformation isn’t anything new. Nonetheless, it can still cause a...
Gain financial regulation qualification online
Gain financial regulation qualification online Warwick Business School in partnership with the Bank of England are delighted to offer...
COVID-19: Dealing with fraudulent applications for the Bounce Back Loan Scheme
By Ed Lloyd, EVP Global Head of Sales, Encompass The COVID-19 pandemic is still having a devastating impact on businesses...
EU Commission sets out new intellectual property action plan affecting SEPs, patent pooling and EU design protection
By Andrew White, Partner and UK & European patent attorney at intellectual property firm, Mathys & Squire The EU Commission...
InsurTech is helping to drive the digital evolution of the UK motor retail industry
By Alan Inskip, Tempcover CEO & Founder If the last nine months have made anything clear, it is that the...