Mobile authentication has big role to play in GDPR and PSD2
Data Privacy and Security


The following is a contributed article by Marta Ienco, ‎Head of Government and Regulatory Affairs, GSMA Personal Data


In 2018, two major pieces of EU regulation take effect: GDPR (the General Data Protection Regulation) and PSD2 (the revised Payment Services Directive). Both were developed by the EU to govern personal data in response to the growing digital economy. GDPR protects consumer privacy, while PSD2 obliges banks to open customer account data to third parties: two motives that pull in opposite directions and are bound to collide. Banks are already grappling with the technicalities of these regulations, but what do they actually mean for businesses and their customers?

Let’s start with the basics. PSD2 applies from January 2018 and requires banks to give licensed third-party providers access to customers’ payment account data, and the ability to initiate payments, with the customer’s explicit consent. It will foster competition and innovation by letting service providers interact directly with banks’ customers, but it will also improve security by making strong customer authentication (SCA) mandatory for online account access and electronic payments. SCA requires two independent factors drawn from something the user knows (a PIN or password), something they have (a smartphone or card reader) and something they are (a biometric), so it will further expand the reach of two-factor authentication.

GDPR, which applies from May 2018, sets a new bar for how companies process, secure, protect and report on personal data. Any organisation that processes data on EU individuals, whether by offering them goods and services or by monitoring their behaviour, must comply, wherever it is based. Where past legislation applied largely to companies established in the EU, GDPR will reach a large share of the world’s websites and apps from 2018. The benefits are clear: GDPR supports a level playing field that will increase digital trade and require organisations to take a more sophisticated approach to data capture and processing. But the cost of non-compliance is high: organisations face fines of up to 4 per cent of global annual turnover or €20 million, whichever is greater.


So how will these two regulations marry up? The key is consent. Third parties will only be able to access customer data when the customer has agreed to it, which keeps the GDPR rules upheld. The real challenge is therefore to prove that customers are who they say they are and to capture their consent through authentication. If a bank is not certain of the provenance of a request and declines a legitimate one from a service provider, it could be in violation of PSD2; but if it grants a fraudulent one and a data breach follows, it could be liable under GDPR. This is where mobile operators can help.

Operators hold data such as location, account status and usage history that can be used to help verify transactions. The same data can help minimise account takeover fraud: if someone tries to change the mobile number associated with a bank account, the operator can determine whether the original number is still in use and the bank can use it to alert the customer to any suspicious change to their personal details.

Mobile authentication can be both secure and extremely convenient, which is vital for keeping customers happy and in control of their data. With the majority of people now carrying smartphones, two-factor authentication becomes simple, as the object they ‘have’ is already in their pockets. Possession and control of the phone can be combined with a secret piece of information (e.g., a PIN) or a biometric (e.g., a fingerprint), enabling banks to verify the identity of the person trying to access the service both easily and accurately.
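To make the possession-plus-knowledge check concrete, the following is an added illustration of a bank-side verifier, not code from the GSMA, Mobile Connect or any bank. It assumes a simplified enrolment model: the phone holds a device-bound secret key (the possession factor) and the bank stores a salted hash of the customer's PIN (the knowledge factor). The phone proves possession by computing an HMAC over a one-time challenge and the transaction details, which also gives the PSD2 "dynamic linking" property that an authentication code is tied to the amount and payee it approves. Function names, the key sizes and the message format are all assumptions for the example; the PIN and transaction string are constructed sample data.

```python
"""Two-factor (possession + knowledge) verifier for strong customer authentication.

Added example, not Mobile Connect or any bank's code. The enrolment data
below stands in for what a bank would hold per customer after onboarding.
"""
import hashlib
import hmac
import secrets

PBKDF2_ITERATIONS = 100_000

# --- Enrolment state (assumed): a device-bound key provisioned to the phone,
#     and a salted PBKDF2 hash of the customer's PIN held by the bank.
DEVICE_KEY = secrets.token_bytes(32)
PIN_SALT = secrets.token_bytes(16)
ENROLLED_PIN = "4821"                      # constructed sample PIN


def pin_hash(pin: str) -> bytes:
    """Salted, iterated hash of the knowledge factor (never store the PIN itself)."""
    return hashlib.pbkdf2_hmac("sha256", pin.encode(), PIN_SALT, PBKDF2_ITERATIONS)


PIN_HASH = pin_hash(ENROLLED_PIN)

# Bank side: challenges that have been issued and not yet consumed.
_outstanding_nonces = set()


def issue_challenge() -> bytes:
    """Bank issues a fresh, single-use nonce for one authentication attempt."""
    nonce = secrets.token_bytes(16)
    _outstanding_nonces.add(nonce)
    return nonce


def device_sign(device_key: bytes, nonce: bytes, tx: str) -> bytes:
    """Phone side: proof of possession = HMAC(device_key, nonce || transaction).

    Binding the transaction text into the MAC means the proof cannot be
    re-used to approve a different amount or payee (dynamic linking).
    """
    return hmac.new(device_key, nonce + tx.encode(), hashlib.sha256).digest()


def verify_sca(nonce: bytes, proof: bytes, pin: str, tx: str) -> tuple:
    """Bank side: returns (ok, reason). Both factors must pass independently."""
    # Possession factor: the challenge must be one we issued and not yet used.
    if nonce not in _outstanding_nonces:
        return False, "unknown or replayed challenge"
    # Consume the nonce before any further checks so a failed attempt
    # cannot be retried against the same challenge.
    _outstanding_nonces.discard(nonce)
    expected = hmac.new(DEVICE_KEY, nonce + tx.encode(), hashlib.sha256).digest()
    if not hmac.compare_digest(expected, proof):      # constant-time comparison
        return False, "possession factor failed"
    # Knowledge factor: compare PIN hashes, again in constant time.
    if not hmac.compare_digest(pin_hash(pin), PIN_HASH):
        return False, "knowledge factor failed"
    return True, "authenticated"


if __name__ == "__main__":
    tx = "pay EUR 250.00 to IBAN DE00 0000 0000 0000 0000 00"   # constructed
    nonce = issue_challenge()
    proof = device_sign(DEVICE_KEY, nonce, tx)
    print(verify_sca(nonce, proof, "4821", tx))   # (True, 'authenticated')
    print(verify_sca(nonce, proof, "4821", tx))   # replay is rejected
```

Two design points matter for the failure modes the article cares about. The nonce is consumed before the PIN is checked, so an attacker who has captured a valid possession proof gets exactly one guess at the PIN per challenge rather than an offline brute force. And because the transaction text is part of the MAC, a proof obtained for one payment is useless for a modified one, which is the behaviour the PSD2 technical standards require of an authentication code.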

When banks and operators combine their efforts and expertise, they create a secure environment for transactions with greater revenue generation opportunities. The GSMA has already begun working with a number of operators and service providers to roll out Mobile Connect, an operator-based mobile authentication service that provides a convenient and secure log-in with privacy protection. While there can be no doubt that GDPR and PSD2 will drive huge changes in the world of personal data, mobile authentication can keep things safe, simple and secure for businesses and consumers.

IDG Connect