In partnership with Visa, NatWest has added an invisible layer of behavioural biometrics as part of an authentication process that will enable compliance with a new EU regulation.
The Strong Customer Authentication (SCA) regulation, which is part of the EU’s Payment Services Directive 2 (PSD2) comes into force in 2021. The SCA regulation is intended to the improve security of payments and limit fraud by making sure that whoever requests access to a person’s account or tries to make a payment, is the account holder or someone to whom the account holder has given consent.
The new rules from the EU Payments Services Directive (PSD2) mean that online payments of more than €50 will need two methods of authentication from the person making the payment e.g. password, fingerprint (biometric) or a phone number. This also means that online customers will not be able to check out using just a credit or debit card but will also need an additional form of identification.
For normal ‘card present’ situations (not online) contactless will still be OK for ‘low value’ transactions of less than €50 at point-of-sale and Chip and PIN will still be suitable for values above €50.
Since biometrics can be accepted as one of the methods of authentication to comply with the new rules, NatWest has been working with Visa on behavioural biometrics technology. This technology uses uniquely identifying and measurable patterns in human activities as a means of authentication and in this case, it will involve monitoring how an individual interacts with a computing device when buying online.
The kinds of patterns that the technology can monitor and measure as a means of verification include keystroke dynamics, voice ID, mouse use characteristics, signature analysis and more. For example, behavioural biometric technology could be used to recognise the way a person types e.g. the weight or length of key presses.
NatWest and Visa
NatWest is already reported to have completed a successful trial of behavioural biometrics. Visa is reported to have already been using behavioural biometrics for fraud prevention. The work between both organisations will see the technology being used as a second layer of security that is compliant with PSD2 and SCA.
What Does This Mean For Your Business?
Businesses and banks would both like to find a way for customers to pay that is as frictionless as possible, and yet highly secure. Behavioural biometrics can achieve this because it works in the background and does not ask a user to do anything, thereby reducing end-user friction and making it easier and faster for businesses at the checkout point.
Due to COVID-19, however, in the UK, the FCA has announced that to help merchants who have been severely affected by the crisis, the enforcement of SCA has been delayed until 14th September 2021. Many businesses are currently struggling to make sure they survive, and although it’s good news that an extra form of compliant, frictionless authentication looks likely to be available in time via NatWest (maybe others to follow), the focus, for the time being, is likely to be keeping the lights on.