The bank for a changing world
The financial world is now digital, “omni-channel”, mobile and borderless, opening the way for new payment methods that meet the needs of consumers who expect increasingly faster and more fluid transactions. And with this come major challenges for payment security! As of 14 September 2019, a new European directive is in force: PSD2. Objective: to enable innovation in the European payments market while securing the growing volume of financial transactions.
Accompanied by the boom in e-commerce, especially via mobile, the volume of payments continues to grow on a global scale, while new types of payment services are emerging and the technical complexity of flows is increasing. According to a research report carried out for Visa and published in 2017, 77% of Europeans now use their phone to carry out their banking transactions and their daily payments. The global payments industry is therefore undergoing unprecedented changes. Technology is redefining the landscape of banks and financial services. But if online purchases are soaring, so are the opportunities for fraud!
Source: ECB, Payment Statistics, 2017
E-commerce - now including mobile payments - is indeed a key target for fraudsters. A global study conducted by PwC in 2018 revealed that 49% of the companies concerned admitted they had been victims of fraud, a 36% increase compared to 2016. In the UK, £140 million was lost in 2012 due to e-commerce fraud. In 2017, this figure had more than doubled. Payment service providers, merchants and regulators must therefore do all they can to strengthen the security of electronic commerce, without jeopardising the fluidity and straightforwardness of customer journeys.
©Wayhome Studio
In addition to a stronger payment control system – thanks to double authentication – the directive introduces a new, more open, standardised and secure way of accessing data for two categories of financial players:
Banking institutions must now make a standard interface available to these players and ensure that they have access to their customers’ payment data. The aim of this measure is to encourage innovation in financial services by facilitating access to this essential data in a secure manner. It also aims to end the current techniques of web scraping, based on the use of customer identifiers and passwords, and considered dangerous. These interfaces will take the form of APIs (Application Programming Interfaces).
BNP Paribas APIs have been in test phase since March 2019 and have been available since July. They comply with the PSD2 regulations and can be used by account aggregators and payment initiators. Initiators can now access the account data of the Group’s customers in order to offer financial services. And they can do this in a completely secure way.
These APIs are accessible from the BNP Paribas API Store Portal.
For four years, BNP Paribas has implemented a strong authentication system to guarantee its customers’ purchases: the digital key, a free service to strengthen the security of all online transactions.
Are there exceptions to these new security rules? Yes, a few, such as low value transactions (€50 for contactless), recurring payments (subscriptions) or split payments, tolls and parking, etc., for which strong authentication is not required.
Crédit photo header ©pikselstock
