Jan 18 2021

Simply owning a mobile device is not enough to drive the adoption of mobile services. Trust is key

Mobile connectivity continues to be such a powerful catalyst for much of the digital transformation taking place across the globe. And never has this been called upon more, than right now.

With millions of us stuck at home and the lure of the online, digital world so strong, the temptation to log in and pick up a good deal is real. As indeed is a requirement to meet many of our basic needs via digital channels. The physical premises of so many businesses remain closed and inaccessible so a legion of people new to digital have found themselves thrust into cyberspace rather unceremoniously.

Mobile might facilitate access to countless services including eCommerce, banking, healthcare, and insurance but it also has the power to do so much more – the ability to bring financial inclusion to the unbanked and underbanked across the developing world. Today, 1.7 billion adults around the world have no bank account, yet two-thirds of them own a mobile phone that could help them access financial services (source: GSMA). Simply owning a mobile device is not enough to drive the adoption of mobile services. Trust is key.

 

Building trust with security

 

Before consumers carry out transactions, they need to feel that the organizations they are sourcing goods and services from are doing everything in their power to protect against security risks and potential fraud. Over half of the value of fraudulent remote payments in 2019 are estimated to have originated through mobile channels and this is expected to increase to over 70% by 2024 (source: Juniper).

With smartphones becoming prevalent, the door is slowly opening for biometric methods of recognition and authentication to start their journey down the road to becoming something mainstream. Embedding fingerprint, voice, and face recognition within mobile devices is becoming reality and can help users create trusted digital identities that can be used to prove that they are who they claim to be when attempting to access anything. These identities afford both service providers and users with an added layer of security that helps protect against fraudulent activities. Unfortunately, biometrics are still somewhat niche. They tend to occupy only high-end devices and are yet to be integrated in mainstream security protocols, which means we need an alternative.

Several decades ago, 2021 sounded just so futuristic, yet the realities we face today are anything but. Many globally still have no access to the Internet which brings us to the humble SMS but more on that later.

In November 2009, the European Union (EU) members signed and implemented a proposal designed to regulate payment services and payment providers in all EU and European Economic Area (EEA) member states. That proposal was the Payment Services Directive 1 – PSD1. Its objective was threefold: to protect customers, improve the quality of services, and to stimulate competition across Europe.

The rise of the online world brought about the creation of the Second Payment Services Directive (PSD2), coming into force in January 2018. PSD2’s principal aim is to regulate the emerging world of Third-Party Providers, the key mechanism being the implementation of a standard level of security offered to financial services customers across all member states. This is called Strong Customer Authentication (SCA).

Businesses offering payment services within the EEA are now legally obliged to deploy additional security measures on electronic payments of more than €30. All customer-initiated transfers, such as bank transfers and single card payments are subject to SCA safeguards. Payments deemed as being initiated by merchants (such as direct debits) remain outside this directive.

 

How SMS-based 2FA fulfills SCA

 

Under SCA, companies now have to verify a customer’s identity by two of the three following factors (or elements): something the customer possesses – i.e. the credit card, smart card, or mobile device; something only the user knows, such as a PIN or password; and something that the user is, which means biometrics. This is 2-factor authentication (2FA).

Mobile devices have become so integral to our lives and we take them everywhere. Application-to-Person (A2P) SMS is a great way to help meet SCA safeguards. 2FA today is most commonly deployed using A2P SMS as the primary delivery channel, with Voice sometimes appearing as a back-up.

PSD2 may only apply to the EEA today but such regulation is spreading fast globally. We understand the need for organizations to deploy a secure, easy-to-use means of providing 2FA.

Regulation or not, leaving the security of clients to chance means competitors will use this weakness to their advantage, positioning themselves as being truly customer-centric. 2FA is not an option, rather a necessity for enterprises to build and maintain trust. Mitto is here to help you with all aspects of your 2FA journey. While the actual means of enabling the second factor of authentication may change over time, the requirement won’t: 2FA is not going away.