2019 was an exciting and challenging year in the payment and SCA industry. With New Year’s Eve just behind us, it is a good time to look forward to 2020, not only to cover what we know will happen, but to share some speculation on what might happen.
First, some important dates:
Back on the 16th of October, the European Banking Authority (EBA) formally released an opinion that postponed the implementation of the Strong Customer Authentication (SCA) requirement, changing it from the 14th of September (2019) to the 31st of December (2020).
For issuers, there are still some important dates to keep in mind before the 31st of December. The exact deadlines can vary by region, but in Europe, these are the requirements:
With the move towards 3DS 2.1 and 2.2, it is clear that a lot of issuers will move towards an out-of-band challenge, where the end-user typically completes the SCA in an app on their phone. This follows the trend towards single device mobile banking with end-users doing all banking on their smartphones.
Likely, there are already more users using mobile banking apps than web-based banking in Europe, and by the end of 2020, it is quite possible that mobile banking will pass web-based banking for number of transactions.
But how will this impact security? With more app-based SCA, it is clear that the use of biometric sensors, such as fingerprint readers, will become even more common. But as we’ve described before, this will only cover the inherence factor.
Basically, it will let the app know pretty well that there is a person involved in the payment transaction. But this by itself does not protect from fraud: using a fingerprint cannot guarantee that the user knows what is being verified and that the app is not modified.
Unlock updates, insights, and exclusive content delivered to you.
Finally, here are five predictions we have about what will happen in the new year:
If you want to learn more about the future of open finance, SCA and the rise of mobile banking in Europe, follow us on LinkedIn to take part in the conversation, or take a look at our security solutions.