Financial services companies - in particular those involved in fintech - face a number of interrelated challenges that LoginID’s solutions can solve. The inherent sensitivity of financial and payments data, and the fact that this information is highly sought after by bad actors, means that companies must use the most secure and accurate authentication and identity management mechanisms available to keep their customers safe. In addition, regulatory agencies and policymakers around the world have developed stringent legal frameworks that impose strict requirements on private sector actors operating in fintech.

At the same time, the emergence of open banking is creating unprecedented opportunities for financial institutions to innovate and for consumers to gain control over their data. This potential can only be achieved when authentication and identity management are both secure and convenient.
Helping FinTech Companies Become PSD2 Compliant
LoginID provides cutting edge authentication and identity verification solutions that allow fintech companies to attain the highest level of security and compliance with laws such as the EU’s Revised Payment Services Directive (PSD2), without compromising convenience for the user. The following features of our FIDO2-enabled authentication solutions ensure compliance with the PSD2:

Strong Customer Authentication:
The PSD2 requires that users be authenticated using a mix of at least two elements that relate to possession (something you own), inherence (something you are) and/or knowledge (something you know). LoginID’s authentication solution is inherently a 2-factor authentication method that is explicitly PSD2 compliant. By contrast, other proprietary biometrics solutions on the market are single-factor, meaning that an additional safeguard must be added.

The PSD2 requires companies to mitigate the risk that any of the elements used for authentication are accessed by unauthorized parties. Our solution ensures that the elements reside in the authenticating device – even if the device is stolen, that information cannot be read, copied or transferred, and the user cannot authenticate unless they have the necessary inherent features (e.g. biometrics) or knowledge.

Transaction Confirmation:
The PSD2 mandates that payment services must have a secure mechanism that allows users to review and confirm the transaction. We support this through a mechanism by which the details of the transaction and a confirmation request are sent to the user, who in turn authorizes payment – e.g. by scanning a fingerprint.
Secure Payment Authentication
LoginID’s payments solution uses the 3DS2 protocol to enable merchants to use the most secure authentication system on the market while maximizing convenience and conversion. In addition, because 3DS2 meets the necessary regulatory requirements, it allows merchants to shift liability for chargebacks from their business to the customer’s bank.
3DS2 – compliance without compromising conversion
Three-Domain-Secure 2.0 or 3DS2 is a protocol that has been developed to enable Strong Customer Authentication (SCA) while minimizing friction for the user and the merchant. SCA is a requirement, established by the EU’s Revised Payment Services Directive (PSD2), that users be authenticated using a mix of at least two elements that relate to possession (something you own), inherence (something you are), and/or knowledge (something you know).

The original 3DS was introduced to combat online fraud by incorporating an additional step into the transaction flow, directing customers to another page where their bank requests a code or password before approving the transaction. This additional step creates friction and often relies on passwords, which are easily forgotten. As a result, conversion is negatively impacted by 3DS.

3DS2 has been developed to address this by enabling a frictionless payment flow that authenticates without additional input from the cardholder. This is possible because 3DS2 allows additional pieces of data to be shared with the user’s bank, enabling it to assess the risk level and respond accordingly – only transactions that are considered potentially risky are subjected to a ‘challenge’, requiring the cardholder to provide additional data.

3DS2 also reduces friction by enabling certain transactions to be exempted from SCA in accordance with the PSD2. These include payments below 30 Euros, fixed-amount subscriptions, corporate payments, payments from trusted beneficiaries, and merchant-initiated transactions, among others.
3DS – a liability shift from your business to the card issuer
Using 3DS to authenticate transactions triggers a liability shift from your business to the card issuer, meaning that you are not responsible for chargebacks related to disputed payments. While this is a very significant benefit, it is important to note that it is subject to certain limitations. In particular, the liability shift does not occur if you are making use of the exemptions for SCA, or if there is an excessive level of fraud on the merchant’s account and they are enrolled in a fraud monitoring program. Either way, our 3DS2 solution empowers you to decide whether to take advantage of SCA exemptions or the liability shift.
Crypto Exchanges
LoginID’s biometric authentication solution is ideally designed to help crypto exchanges drive user convenience, maximize security, and achieve regulatory compliance.
User Conversion
In order to drive conversion, exchanges must address users’ main priorities, which are speedy processing of deposits and withdrawals, a user-friendly interface, and an easy-to-use verification process. Most authentication solutions used by exchanges fail to address these priorities, requiring users to manually enter dynamic passcodes. LoginID does not - the user experience is as simple as scanning a face or fingerprint, irrespective of the device used. In addition, our FIDO protocol-based solution is supported on major operating systems and browsers, including Google Chrome, Mozilla Firefox, Microsoft Edge, and Apple Safari. It also runs on both Windows 10 and Android platforms, and, from September 2020, Apple OS. This flexibility means that users have the same high-quality experience no matter which technology they are using.
LoginID incorporates the World Wide Web Consortium (W3C)/FIDO Alliance official web standard for web authentication (WebAuthn). WebAuthn makes passwords & phishing a thing of the past by authenticating through ‘something a user is’. It is crucial that websites and services implement WebAuthn to create a secure environment without compromising usability – our solution achieves this for our customers.
LoginID authentication is inherently a 2-factor authentication method and is therefore compliant with the Strong Customer Authentication (SCA) requirement of the EU’s Revised Payment Services Directive (PSD2).

Globally, financial institutions and the regulations that govern them are adapting to the growing trend toward open banking. By utilizing LoginID’s solution, an exchange can leverage public-key cryptography techniques combined with “one-touch” biometrics and/or security keys to enable convenient and secure compliance with open banking standards.

In addition, our FIDO-based solution makes it easier to comply with the EU’s General Data Protection Regulation (GDPR). In particular, FIDO standards have been developed with ‘privacy by design’ in mind - a key GDPR requirement. Our multi-factor authentication also enables companies to meet their GDPR obligations to implement strong data protection safeguards.