With the European Union’s big new privacy and data protection regulations now in place, EU citizens are equipped with greater security than ever. But these protections aren’t watertight, with one particular flaw in the PSD2 regulation coming under BioCatch’s magnifying glass.
In a new blog post, the company points out that under PSD2, third-party payments providers (TPPs) still offer an avenue for fraud. Users can open an account with a financial institution using a TPP, and financial institutions have to let the TPP link to that bank account. But BioCatch says that “[m]any of the security and fraud controls European banks currently have in place won’t be able to stop fraudsters from attacking banks via third parties,” meaning that if a TPP isn’t able to spot the fraudster, that vulnerability could be extended to a linked bank.
One solution to this threat is, of course, the kind of behavioral biometrics in which BioCatch specializes. By continuously analyzing user behavior – things like patterns in typing or mouse movement – before and after login, banks can monitor potential fraud activity in their TPPs, helping them to ensure that these are secure partners.
And with the PSD2’s Strong Customer Authentication requirement mandating the use of two factors for authentication, behavioral biometrics offers a completely passive mechanism that can run in the background without bringing friction to the user experience. Thus it can bridge this security gap without any added inconvenience for end customers.