New online banking rules
In recent weeks, customers have been receiving post from their bank. The reason for this is the recast European Payment Services Directive (PSD2). The first changes prescribed by the directive have been in effect since January 2018. From 14 September 2019, new rules for online banking will also enter into force. What appears to be complicated at first glance, will, first and foremost, provide more security.
Strong customer authentication
Up to now, often all you needed to log in to an online banking platform was a user identification and a password. Strong customer authentication is being introduced with PSD2. In principle, this means that every customer must confirm their identity using two independent authentication factors from these three categories:
- Knowledge (e.g. PIN, password)
- Possession (e.g. mobile phone, card, TAN generator)
- Inherence (e.g. fingerprint, voice recognition)
These factors therefore yield various options for confirming identity. For instance, with a PIN (knowledge) and a TAN (possession) or a smartphone (possession) and a fingerprint (inherence). This “two-factor identification” has been required for transfers for quite some time. In future, this will also be necessary for logging in to online banking platforms and accessing sensitive data.
No more TAN lists
According to the new directive, now only dynamic TAN procedures – where a new TAN is generated for each payment – will permitted for online transfers and card payments. Static TAN lists on paper will therefore soon be a thing of the past.