With Money 20/20 on the horizon, we’ve taken a moment to step back and try to really understand the challenges FinTech companies face.
We didn’t have to look far, because it was fairly obvious this year: it’s the overwhelming burden and cost of regulation. FinTech companies began the year needing to comply with the EU’s second Payment Services Directive (PSD2), and now we have GDPR.
There’s a degree of irony to the situation, actually. Financial regulations over the decades were written to protect consumers from big financial institutions. You know, the same financial institutions still running systems built in the 1960s. And the banks can’t keep talent alive to help them maintain these systems.
The FinTech companies trying to solve the problems that big banks created are being impeded by a regulatory environment designed for those big banks. PSD2 strives to relieve some of the pain by forcing big banks to open their systems to third parties (which is a security conversation on its own).
It seems as if lawmakers in the EU considered innovation while creating new rules to protect people. Yet it is still up to the FinTech companies and their partners to comply with security requirements, like user authentication.
The 2FA requirement: You likely already have what you need to make it happen.
Authentication and transaction confirmation requirements are clearly spelled out in PSD2 (and similarly in GDPR). If you’re interested, watch our webinar on PSD2 or read our whitepaper.
Until recently, two-factor authentication wasn’t forced on financial services providers (except in countries with digital IDs, like Estonia). Why? 2FA has a significant impact on the user experience of a FinTech’s web client or mobile application. We’re advocates of 2FA, but we won’t deny that it adds a step in the signup or login process.
However, your service can most likely integrate two-factor authentication into the process seamlessly right now. If you ask users for their mobile phone numbers, simply start sending SMS PIN codes in the process. The cost is minimal, and it adds another layer of account security and brings you into compliance.
Our user authentication API is developer-friendly, so getting it integrated only takes a few lines of code. Most of our FinTech clients prefer to make their own user interface so that it matches their brand, but we have a UI that can be deployed with your service.
Also, the same API is TOTP-ready, so the financial services app can ask for one-time passwords from anyone using Verigator; nothing extra is needed.
If you’re heading to Money 20/20 this year, let me know: firstname.lastname@example.org.
Whether for PIN codes, notifications, or communication, FinTech companies choose Messente’s SMS API because we have fewer failed messages, so you can do more business. And comply with regulations.