The final deadline for compliance with the European Union’s revised Payment Services Directive (PSD2) is coming up in September of 2019. However, a new report from the Aite Group and iovation suggests that most payment services providers are not prepared. And those that do comply are expected to turn to some form of biometric authentication.
“The merchants that succeed post PSD2 will be those that make consumer authentication as effortless as possible through methods like ‘invisible’ device-based authentication and biometrics,” said Mark Weston, the Compliance Manager at iovation.
PSD2 requires strong customer authentication, which translates to multifactor authentication for all electronic transactions, except those that are deemed low-risk. Financial institutions must also provide access to account transaction and balance information for third-party payment service providers. Biometric authentication will allow companies to meet the PSD2 security requirements without adding a number of inconvenient steps to the payment process.
The finding echoes a previous report from MasterCard, which also conducted a study that found that only 28 percent of companies will meet the September deadline, while a full 24 percent have no plans to support the requirements for Strong Customer Authentication.
“PSD2 changes the rules for the global payment industry,” said Aite Group Senior Analyst Ron van Wezel. “Businesses should be sprinting to get their house in order.”
Though the transition may take some time, Aite and iovation theorize that the stricter PSD2 requirements will push fraud towards other parts of the world like the U.S. The FIDO Alliance previously developed a working group to consult on the PSD2 guidelines, while Gemalto has argued that PSD2 represents an opportunity for companies that need to update their security practices.