Skip to main
Back to Industry insights

Biometrics and authentication - what you need to know.

How biometrics can improve the customer journey and help meet the requirements of PSD2 regulations.

The Thredd team

March 24, 2022

What are biometrics?

They’re physical characteristics unique to a person that are used in automated recognition. They can include, for example, using your fingerprint to get into your mobile phone, or using your voice to access your bank account. Thredd provide a 3D secure service that supports biometric authentication. There’s more on this below.

 

Why are biometrics key at the moment?

One reason is PSD2 - an acronym for Second Payment Services Directive. PSD2 is a set of EU regulations aimed at improving security for credit and debit card users. The legislation came out of the European Banking Authority and was adopted into UK law.

There are several parts to PSD2. One is the requirement for financial institutions to have implemented Strong Customer Authentication (SCA) by the March 14 2022 deadline.

Other aspects include technological innovation, the increase in fraud – and therefore the prevention of it via biometrics and biometrics, leading to an improved customer journey.

 

Technological innovation

Advances in the sophistication and capabilities of tech has meant that more is possible from this perspective. For example, FinGo, a Manchester-based fintech reportedly has a partnership with VMC [1] to create a world-first retail vending technology where users can pay and prove their age through a scan of their finger. Their tech scans an individual’s vein pattern - which is unique - through an infrared device.

 

Fraud prevention

Stopping fraud is a key driver in the use of biometrics – as is evidenced by the PSD2 regulation. In the first half of 2021, losses to app fraud hit £355.3m, overtaking card fraud for the first time, according to a Which? study [2]. They add, every hour, bank transfer scam victims lose more money than the average UK worker earns in a year - £28,203.

Biometrics can provide that extra level of security. For example, FSTech explains HSBC [3] reported a 72% reduction in telephone fraud in January 2022 versus January 2021. Plus the rate of attempts was down by two-thirds Year on Year over the same period. HSBC largely attributed the decline to its voice biometrics system Voice ID.

 

Improved customer journey

The ability to use biometrics, like voice and face identification, as well as fingerprint can create a far quicker customer journey by cutting out the need to wait for customer service agents for example or remembering passwords and passcodes. On top of this it also provides reassurance to a customer because it delivers the additional level of security.

 

What is authentication?

A set of additional checks when someone uses a payment card to verify the identity of the person who is using the card. In some instances, the cardholder will be required to verify their identity in two different ways.

 

Who has to adhere to the PSD2?

  • All financial institutions in the EEA and UK.
  • Financial institutions who are supporting 3D Secure on their cards (required if they are offering ecommerce payments) must be able to offer SCA to their cardholders.
  • These regulations apply to cards issued in the European Economic Area (EEA) and the United Kingdom.

 

What do the regulations require from an SCA point of view?

Offering SCA requires having a combination of two forms of customer authentication when a customer makes a payment on a card which has 3D Secure and has been issued in the EEA or UK.

The customer authentication could be any two of the three below for example:

  1. Knowledge: Something the customer knows, for example their PIN or password.
  2. Possession: Something they have, such as a mobile phone, card reader or other device evidenced by a One-Time Password.
  3. Inherence: Something they are, like a fingerprint, face recognition or voice recognition.

 

How can I offer SCA to my customers?

Financial institutions need to ensure they have strong customer authentication (SCA). We have a solution - an additional service, called 3D Secure which enables Thredd customers to set up SCA with their cardholders. It’s an add-on service that is integrated into the Thredd platform which you can access via our API.

 

What does 3D Secure via Thredd do?

Among other tasks, we can check the value and frequency of payments and identify whether SCA is required, or if the payment is exempt from SCA - in real-time.

 

Can Thredd help my business meet SCA requirements?

  • Our Thredd Apex processes billions of transactions every year and is fully certified by Visa and Mastercard.
  • We test every single transaction to see whether it meets SCA criteria.
  • We can undertake a high level of the transaction and status checking for you.
  • Feel reassured in the knowledge that when the regulations change, we update our systems to comply with the regulations. Our highly configurable platform and full suite of APIs means you can deliver real-time spending notifications to your customers which is crucial in ensuring PSD2 is adhered to.

 

Do Thredd comply with the regulations?

At Thredd we support our customers by staying up to date with the regulatory requirements of all the territories we operate in, giving financial institutions the peace of mind that that their solutions meet the required standards, helping to promote consumer trust in your brand.

Thredd are a trusted and proven partner, right at the heart of the fintech ecosystem, depended on by global brands like Revolut, Zilch and WeLab.

Thredd’ security standards mean you don’t need to be concerned about security or durability. On top of our PCI DSS L1 accreditation, we are certified for ISO 27001 (which covers information security) and ISO 22301 (which covers business continuity) and we work towards the latest measures in compliance.

We have a solution that satisfies the expectations of tier 1 banks as we have passed the test to work with them. Royal Bank of Scotland for example, came to Thredd when looking to developing their digital proposition, Bo.

 

Is it a complicated, costly process?

Utilising and building partnerships with specialist providers, such as Thredd in the issuer processing space, mean you can deliver these services to your customers swiftly and securely, deepening your relationship with customers, delivering the services they need – and want – and ensuring you’re ready for future regulation. Thredd’s Apex processes billions of transactions every year and the configurable format means it’s straightforward to request and add the 3D Secure facility. Just contact our team to find out more about Thredd’ expert-led services which could help you serve the needs of your customers and deliver them facilities beyond their expectations.

 

Resources

[1] https://www.thebusinessdesk.com/northwest/news/2094832-biometric-payment-platform-has-finger-on-the-pulse-with-world%E2%80%99s-first-vein-id-enabled-vending-machines

[2] https://www.which.co.uk/news/2022/03/bank-transfer-fraud-victims-lose-28000-an-hour/

[3] https://www.fstech.co.uk/fst/HSBC_Telephone_Fraud_Drops_Dramatically_With_Voice_Biometrics.php

News, events and insights.

Sign up to receive Industry news, events and insights delivered straight to your inbox.

Please enter your first name
Please enter your last name
Please enter a valid email address
Please select a country
Please accept the terms and conditions to subscribe