Editorial & Advertiser Disclosure Global Banking And Finance Review is an independent publisher which offers News, information, Analysis, Opinion, Press Releases, Reviews, Research reports covering various economies, industries, products, services and companies. The content available on globalbankingandfinance.com is sourced by a mixture of different methods which is not limited to content produced and supplied by various staff writers, journalists, freelancers, individuals, organizations, companies, PR agencies Sponsored Posts etc. The information available on this website is purely for educational and informational purposes only. We cannot guarantee the accuracy or applicability of any of the information provided at globalbankingandfinance.com with respect to your individual or personal circumstances. Please seek professional advice from a qualified professional before making any financial decisions. Globalbankingandfinance.com also links to various third party websites and we cannot guarantee the accuracy or applicability of the information provided by third party websites. Links from various articles on our site to third party websites are a mixture of non-sponsored links and sponsored links. Only a very small fraction of the links which point to external websites are affiliate links. Some of the links which you may click on our website may link to various products and services from our partners who may compensate us if you buy a service or product or fill a form or install an app. This will not incur additional cost to you. A very few articles on our website are sponsored posts or paid advertorials. These are marked as sponsored posts at the bottom of each post. For avoidance of any doubts and to make it easier for you to differentiate sponsored or non-sponsored articles or links, you may consider all articles on our site or all links to external websites as sponsored . Please note that some of the services or products which we talk about carry a high level of risk and may not be suitable for everyone. These may be complex services or products and we request the readers to consider this purely from an educational standpoint. The information provided on this website is general in nature. Global Banking & Finance Review expressly disclaims any liability without any limitation which may arise directly or indirectly from the use of such information.

PSD2 deadline may have moved – what will change for banks?

By Marcin Nadolny, Head of Regional Fraud & Security Practice at SAS

The Europe-wide PSD2 implementation deadline will fall on 14 September. In the UK, it has now been confirmed that the official compliance deadline for the Secure Customer Authentication section of the regulation will be pushed out to March 2021. UK companies must be able to demonstrate that they are moving towards compliance from September 2019, but no enforcement action will be taken for 18 months. For the rest of the EU in general, the timeline is unchanged. However, national competent authorities have the flexibility to provide limited additional time to become PSD2 compliant (see the recent EBA opinion).

The big picture

But whichever country you’re in, it’s essential that companies recognise the urgency at play. In the new digital world, payment security is absolutely essential. The question now is not whether PSD2 compliance should remain at the top of the priority list. It’s how quickly companies can realistically achieve it. In a nutshell, PSD2 simultaneously massively increases the amount of financial data moving into banks’ systems while also making it mandatory that they run fraud controls on that data in real time.

As PSD2 ushers in the age of open APIs in finance, the traffic volume that payment processors will have to handle will be enormous. Consumers’ personally identifiable data will be at heightened risk, and we will observe increased malware attacks and data breaches via the newly created attack vectors. If businesses aren’t prepared for the change, it’ll be a fraudster’s paradise.

Is your organisation ready to cope with this new heavy traffic and identify fraudulent activities? It might be like finding a needle in a haystack. Fortunately, AI is coming to the rescue. Emerging technologies, such as predictive models, network analytics and anomaly detection, all have the power to increase your efficiency in finding and fighting fraud.

Real-time fraud detection

PSD2 is more than just a regulation. It’s the start of a major transformation for the payments industry. With the move to digital-first, open models, there’s an increased need to operate processes in real time – providing instant payments, for example – and that means that fraud prevention will need to move at the same speed.

Adequate anti-fraud protection is required by the regulation. Banks are expected to fill out certain tests as a fraud assessment, including reviewing behavioural profiles, checking known compromised devices and IDs, applying known fraud scenarios to transactions, and detecting malware signs. Analytics can help speed up detection, find suspicious behaviours and collate data points by ingesting new data sources. This builds a picture of “normal” behaviour against which banks can measure transactions.

At present, not all banks are applying all these anti-fraud measures. Some base their protection on simple rules and aren’t able to detect fraud in real time or stop transactions in progress. These abilities aren’t technically required by the regulator until PSD2 comes into effect. Real-time fraud prevention used to be a luxury – but now it’s a must-have. Banks must take the initiative to ensure they can detect fraud in process in incredibly short time frames.

Third parties enter the market

The other major change included in PSD2 is the arrival of third-party providers in the market. These nonfinancial companies, including GAFA (Google, Amazon, Facebook and Apple), e-tailers and fintechs, will be able to work as payment processors going between customers and banks. This means the banks have a much bigger traffic volume to handle and review for fraud. Legacy systems and processes simply can’t handle it.

In order to cope, banks need to have systems in place that are able to assess for fraud at huge volumes and in real time. Not only that, but transactions from third parties might come with limited contextual information. So banks will have to enrich them with additional data on variables including digital identity, reputation and past behaviour.

AI applications will be essential to handle that ongoing enrichment at speed. Humans alone simply can’t process that level of information. So it’s essential that banks invest in AI to augment the skills they have and lighten the load of compliance.

Managing the risk

The risk to banks posed by these growing data streams is not just in terms of payment fraud. There is also a heightened cybersecurity risk. New data flows and new payment systems present possible system back doors and new attack vectors that hackers will be quick to discover. By attacking third party infrastructure, malicious actors will be able to gain access to consumers’ personal data.

 Addressing this problem is not the sole responsibility of the banks. But it highlights the level of risk associated with the increase in data volume and connectedness. Reputational damage and heavy fines are a very real possibility for institutions that don’t get their act together in time.

Compliance will require many changes to anti-fraud and customer identification processes. The technology required to handle this additional burden is out there. Banks must invest wisely and ensure they are fully equipped, whether next month or by 2021.

SAS will be attending the 2019 SIBOS conference in London, where PSD2 will be a key item on the agenda. Visit our stand to find out more about how AI could help you get ready for the deadline.