Financial services companies - in particular those involved in
fintech - face a number of interrelated challenges that LoginID’s
solutions can solve. The inherent sensitivity of financial and
payments data, and the fact that this information is highly sought
after by bad actors, means that companies must use the most secure
and accurate authentication and identity management mechanisms
available to keep their customers safe. In addition, regulatory
agencies and policymakers around the world have developed stringent
legal frameworks that impose strict requirements on private sector
actors operating in fintech.
At the same time, the emergence of open banking is creating
unprecedented opportunities for financial institutions to innovate
and for consumers to gain control over their data. This potential
can only be achieved when authentication and identity management are
both secure and convenient.
Helping FinTech Companies Become PSD2 Compliant
LoginID provides cutting-edge authentication and identity
verification solutions that allow fintech companies to attain the
highest level of security and compliance with laws such as the EU’s
Revised Payment Services Directive (PSD2), without compromising
convenience for the user. The following features of our
FIDO2-enabled authentication solutions ensure compliance with the
Strong Customer Authentication requirements:
The PSD2 requires that users be authenticated using a mix of at
least two elements that relate to possession (something you own),
inherence (something you are) and/or knowledge (‘something you
know’). LoginID’s authentication solution is inherently a 2-factor
authentication method that is explicitly PSD2 compliant. By
contrast, other proprietary biometrics solutions on the market are
single-factor, meaning that an additional safeguard must be added.
The PSD2 requires companies to mitigate the risk that any of the
elements used for authentication are accessed by unauthorized
parties. Our solution ensures that the elements reside in the
authenticating device – even if the device is stolen, that
information cannot be read, copied or transferred, and the user
cannot authenticate unless they have the necessary inherent features
(e.g. biometrics) or knowledge.
The PSD2 mandates that payment services must have a secure mechanism
that allows users to review and confirm the transaction. We support
this through a mechanism by which the details of the transaction and
a confirmation request are sent to the user, who in turn authorizes
payment – e.g. by scanning a fingerprint.
Secure Payment Authentication
LoginID’s payments solution uses the 3DS2 protocol to enable
merchants to use the most secure authentication system on the market
while maximizing convenience and conversion. In addition, because
3DS2 meets the necessary regulatory requirements, it allows
merchants to shift liability for chargebacks from their business to
the customer’s bank.
3DS2 – compliance without compromising conversion
Three-Domain-Secure 2.0 or 3DS2 is a protocol that has been
developed to enable Strong Customer Authentication (SCA) while
minimizing friction for the user and the merchant. SCA is a
requirement, established by the EU’s Revised Payment Services
Directive (PSD2), that users be authenticated using a mix of at
least two elements that relate to possession (something you own),
inherence (something you are), and/or knowledge (‘something you know’).
The original 3DS was introduced to combat online fraud by
incorporating an additional step into the transaction flow,
directing customers to another page where their bank requests a code
or password before approving the transaction. This additional step
creates friction and often relies on passwords, which are easily
forgotten. As a result, conversion is negatively impacted by 3DS.
3DS2 has been developed to address this by enabling a frictionless
payment flow that authenticates without additional input from the
cardholder. This is possible because 3DS2 allows additional pieces
of data to be shared with the user’s bank, enabling it to assess the
risk level and respond accordingly – only transactions that are
considered potentially risky are subjected to a ‘challenge’,
requiring the cardholder to provide additional data.
3DS2 also reduces friction by enabling certain transactions to be
exempted from SCA in accordance with the PSD2. This would include
payments below 30 Euros, fixed amount subscriptions, corporate
payments, payments from trusted beneficiaries, and merchant
initiated transactions, etc.
3DS – a liability shift from your business to the card issuer
Using 3DS to authenticate transactions triggers a liability shift
from your business to the card issuer, meaning that you are not
responsible for chargebacks related to disputed payments. While this
is a very significant benefit, it is important to note that it is
subject to certain limitations: in particular, the liability shift
does not occur if you are making use of the exemptions for SCA, or
if there is an excessive level of fraud on the merchant’s account
and they are enrolled in a fraud monitoring program. Either way, our
3DS2 solution empowers you to decide whether to take advantage of
SCA exemptions or the liability shift.
LoginID’s biometric authentication solution is ideally designed to
help crypto exchanges to drive user convenience, maximize security,
and achieve regulatory compliance.
In order to drive conversion, exchanges must address users’ main
priorities, which are speedy processing of deposits and withdrawals,
a user-friendly interface, and an easy-to-use verification process.
Most authentication solutions used by exchanges fail to address
these priorities, requiring users to manually enter dynamic
passcodes. LoginID does not - the user experience is as simple as
scanning a face or fingerprint, irrespective of the device used. In
addition, our FIDO protocol-based solution is supported on major
operating systems and browsers, including Google Chrome, Mozilla
Firefox, Microsoft Edge, and Apple Safari. It also runs on both
Windows 10 and Android platforms, and, from September 2020, Apple
OS. This flexibility means that users have the same high-quality
experience no matter which technology they are using.
LoginID incorporates the World Wide Web Consortium (W3C)/FIDO
Alliance official web standard for web authentication (WebAuthn).
WebAuthn makes passwords & phishing a thing of the past by
authenticating through ‘something a user is’. It is crucial that
websites and services implement WebAuthn to create a secure
environment without compromising usability – our solution achieves
this for our customers.
LoginID authentication is inherently a 2-factor authentication
method and is therefore compliant with the Strong Customer
Authentication (SCA) requirement of the EU’s Revised Payment
Services Directive (PSD2).
Globally, financial institutions and the regulations that govern
them are adapting to the growing trend toward open banking. By
utilizing LoginID’s solution, an exchange can leverage public-key
cryptography techniques combined with “one-touch” biometrics and/or
security keys to enable convenient and secure compliance with open
In addition, our FIDO-based solution makes it easier to comply with
the EU’s General Data Protection Regulation (GDPR). In particular,
FIDO standards have been developed with ‘privacy by design’ in mind
- a key GDPR requirement. In addition, our multi-factor
authentication enables companies to meet their GDPR obligations to
implement strong data protection safeguards.