The need for security
Security and trust
For years, banks have made major investments to maintain a high degree of security and comply with the new European regulation on payment services, which require that strong authentication for internet payments be reinforced.
The development of online retailing and new entrants in the payment services market should not jeopardise this security. As such, when digitising their services, banks have developed increasingly sophisticated remote authentication systems such as 3D Secure (delivery of an authentication code by SMS) or innovative new security solutions such as dynamic visual crypto codes on payment cards.
The same rules for the same activity
Protecting client data and funds are matters in which banks will never compromise.
The regulations governing banking activities should also apply to new entrants both
large (GAFA) and small (like some Fintech companies). Not only is the very security of the financial sector and the end customer at stake, but also compliance with the rules of fair competition.
Technological progress must also mean advances in protecting personal data and transaction security. We must not forget that “a system is only as secure as its weakest link”.
Protecting client data
With the Payment Services Directive (PSD2), the European Commission has allowed new non-banking businesses (payment initiators and aggregators) to enter the payments market. Aside from threats to payment service security that may hold back these new entrants, their economic model raises the question of how clients’ personal data will be used.
Given that DSP2 came into force in January 2018, the FBF has heavily invested in the European Banking Authority’s regulatory security standards, which govern account access for services initiating payments and aggregating data.
The FBF is promoting the concept of strong client authentication using a risk-based approach and secure communications. The industry is analysing the possible creation of an API (Application Programming Interface: IT solution that provides applications with standardised and secure methods for communicating with each other and exchanging services within this framework).
The FBF participates in European discussions on developing communications standards (ERPB projects).
Cybersecurity is an increasingly important concern for banks, which are taking measures to detect and react as early as possible in the event of payment fraud or attacks on information systems. In light of this, FBF and the police Cybercrime Branch have joined forces, signing a partnership agreement. This cooperation is part of a European strategy devised by Europol and the EBF, which aims to step up anti-cybercrime efforts.
The FBF is also conducting prevention initiatives throughout France and participates in local meetings between banks and their SME clients to raise awareness about wire transfer fraud (more than 500 SMEs educated), or speaks to police representatives on “security in the banking sector”.