It has been an interesting start to the year for Europe’s retail banking sector. While PSD2 – Europe’s revised payment services directive – was introduced in January 2018, the region now looks ahead to welcome the General Data Protection Regulation next month.
What remains to be seen is how the newly implemented open banking policy adheres to the expectations of GDPR, which requires businesses to enhance data safeguards and the privacy of EU citizens. This builds a compelling case for Frederik Mennes, senior manager market and security strategy, security competence centre at VASCO Security, to outline the need for two-factor authentication and other stringent security measures to safeguard user data and allow for a seamless, digitised and modern banking experience.
The US-based security firm works extensively with major banks and financial institutions. With more than 2,000 customers in the banking sector spread across Europe, Asia, North and South America, VASCO Security primarily focuses on validating the authenticity of online banking and related apps. Mennes and his team work on products that validate user identity and secure financial transactions.
The debate around user privacy has reached a crescendo in the past month, following the massive data leak of user details by social media behemoth Facebook. Nearly 50 million user profiles of Americans were used, presumably to swing the results of the 2016 US election that witnessed the victory of Donald Trump. Similar reports of social media data being used to influence voters in the UK during Brexit and polls in India have surfaced thereafter. This has prompted questions over the safety and security of personal data held by businesses. Mennes believes that data, if used for the right purpose, can open up a plethora of opportunities for businesses the world over. Moreover, the upcoming GDPR can greatly help European businesses legitimise the use of data for specific purposes.
“Ultimately, users have the final decision on sharing financial data with companies like Facebook and Google. A user has to provide consent based on GDPR regulations in Europe, and businesses, too, have to list out specific reasons for using data of customers,” he said. Mennes suggests that banks and financial institutions can capitalise on the wealth of user information that can be derived from social profiles, for example by providing targeted asset and wealth management options. “If a company like Facebook can begin offering financial services like payments between peers, that would be a game changer.”
While the prospect of being able to transact via a widely popular platform like Facebook is exciting, there are concerns over safety and authenticity of transactions too. Mennes says, “I don’t see any negative impact on security through initiation of payments through Facebook or WhatsApp. It is a highly convenient method, especially for today’s users who are well entrenched in social media channels. With PSD2, payments have to be protected through a two-factor authentication, which is a significant step ahead for data security. Compared to earlier, PSD2 marks the advent of payment security, and this could potentially change the way businesses function.”
The success of PSD2 is debatable. While many major UK banks have implemented the directive, others in Poland, Belgium and the Netherlands are contemplating the next course of action. Meanwhile, the French senate is urging national implementation of PSD2. In the midst of all this, there is a crucial bridge between trust and technology. Mennes believes that, in the contest between banks and fintechs to win over customers, banks have a distinct advantage. “Banks can become fintechs themselves by offering financial services such as aggregated bank accounts, two-factor authentication and more. Banks also enjoy a higher level of trust and brand value. This is where I believe PSD2 presents a massive opportunity for banks to step up their game.”
PSD2 allows personal financial information to be taken out of the bank and shared with fintechs, but this is subject to GDPR too, meaning the reasons for using data should be specific and definitive. “The way I see it, customers have a lot to gain from PSD2 and GDPR coming into play as they will be given an array of financial services with the caveat of data security and retaining user integrity,” said Mennes.
For a security services provider like VASCO, this means a slew of opportunities in the coming year as banks slowly migrate to open banking, expecting a high level of security and trust. “One of our marquee services is offering two-factor authentication to financial service providers. With PSD2, we are hopeful of helping many businesses develop advanced security protocols and enable the proliferation of open banking.”
About Frederik Mennes:
Frederik heads VASCO’s Security Competence Center, working on the security aspects of VASCO’s products and infrastructure. He is a regular speaker at industry events and conferences about security technology, and a contributor to the Initiative for Open Authentication (OATH). Besides his role at VASCO, Frederik has supported the Information Security Group (ISG) at Royal Holloway, University of London in various educational roles. He earned an MBA from Vlerick Business School (Belgium), an M.Sc. in Information Security from Royal Holloway, University of London, and an M.Sc. in Computer Science Engineering from KU Leuven, Belgium. When not in the office, you will probably find him climbing a mountain or playing the piano.