Site Title

Blog

A digital security point of view for the digital business era

It’s not just what you know

19 Oct 2016

The law calls for multi-factor authentication to keep payments safe — and biometrics could play a vital role.

The Second Payment Services Directive, or PSD2 as it’s commonly known, is a piece of legislation that has now come into force across Europe. Basically, PSD2 aims to make payments more secure by insisting on strong customer authentication.

The directive defines authentication as “a procedure for the validation of the identification of a natural or legal person based on the use of two or more elements categorized as knowledge, possession and inherence that are independent.”

To put that in layman’s terms:

  • Knowledge = something you know — a passcode or PIN, for example
  • Possession = something you have — a SIM card or a cashpoint card
  • Inherence = something you are — biometric information, such as a finger scan.

Just one of these elements on its own isn’t very secure. For instance, something you know such as a login passcode could be stolen and used by someone else. But combine that passcode with something you own, like a card reader, and it becomes stronger.

A number of companies are currently marketing their security systems as ‘multi-layer authentication’, whereas in reality they only offer two of the three layers. That’s certainly stronger than a single layer but doesn’t go as far as it could.

“For ultimate protection, you really need all three layers,” explains Ravi Ahluwalia, Deputy General Manager, Information Systems Group, “That means biometric technology is going to become increasingly important.”

An example of just what’s possible with biometric scanning is VeinID from Hitachi, which enables customers to verify their identity simply by placing their finger in a scanner. The technology is incredibly secure and, combined with the other two layers of authentication, it could create the ultimate in customer protection.

With the legislation now calling for ever more rigorous security, it seems increasingly likely that more companies will extend their offering to include biometrics like Hitachi VeinID.