New mobile authentication technology showcased at the Mobile World Congress in Barcelona uses biometrics to address PSD2—enabling payment providers and financial institutions to meet new European rules regarding digital ID and online payments security without passwords.
G+D Mobile Security said its new mobile authentication solution, powered by Samsung SDS Nexsign software, enables “banks and other financial institutions to implement strong biometric authentication for their mobile banking and payment services,” according to a statement. “End customers benefit from a very simple authentication, as they no longer need to handle long and complex passwords.”
PSD2 requires EU payment service providers to implement a combination of at least two independent identifying elements to authorize transactions
Nexsign uses such biometric data as fingerprints, facial recognition and voice to authenticate users, rather than relying on passwords. According to Samsung, the FIDO-certified Nexsign can help secure transactions for ATMs, office computers and digital documents. It also sets the stage for biometrics to address PSD2 requirements.
The new mobile authentication technology is a response to increasing demand for consumers for mobile payment and banking services. “The mobile channel has now become the most popular channel for accessing banking services, recently overtaking PCs and laptops,” G+D and Samsung said. “However, as customers turn to mobile, so do cyber criminals, forcing banks to adopt higher levels of security to combat these new forms of cyber attack. This is a challenge for banks at a time when customers are rejecting the use of complex passwords in favor of biometrics, which are now present on most smartphones.”
As well, the mobile authentication technology shown at the conference is a response to Europe’s revised Payment Services Directive, or PSD2, designed to better secure digital transactions and even encourage more entrepreneurship in the online payments industry.
“Specifically, PSD2 requires EU payment service providers to implement a combination of at least two independent identifying elements to authorize transactions (known as two-factor authentication),” the two companies said. “These elements can be a physical item (for example a card or a mobile phone) which is usually combined with a biometric element such as fingerprints.” That is the case for the G=D offering, which uses biometrics to address PSD2.
G+D and Samsung boast that their mobile authentication product has a “quick set-up and time-to-market for financial institutions” that use it. Banks that use the product receive a software development kit—that is, mobile phone client software—which can be incorporated into existing banking applications. “The bank also integrates a FIDO server into their back-end systems that provides a secure end-point for the authentication process,” the companies say. “Bank customers then simply get their banking application updated from the app store and undergo a one-time registration process to activate the new mobile authentication solution.”