Authentication processes set to become a competitive lever in banking

Over the last two years nowhere in the world has seen a greater increase in adoption of fintech than Singapore. Back in 2017 less than a quarter of Singaporean residents had used a fintech service, today more than two thirds have. Banks of course have played a central role in facilitating this change, and with a wave of new digital banks coming over the horizon, now is the time for Singapore’s banking incumbents to ensure they keep surprising customers on the upside by adopting new technologies.

Whilst Singapore's fintech adoption sits above the global average (60%), to some extent the last two years have been a process of Singapore catching up with the rest of the world. Consumers in countries from China to India, Mexico, South Africa, and my home Ireland are more likely than those in Singapore to be familiar with at least one fintech service.

Adoption of new technologies in financial services has often been led by the payments industry, which has seen significant change in recent years, especially in online payments.

With technological change naturally front-running any regulatory response, fraud risk in online payments is high. According to court records, in 2018 there were over 1,200 cases of unauthorised transactions in Singapore, with the value lost to scams recorded at $1.2m. This figure may well be higher as many such cases also go unreported. Some of the key causes of fraud were email and SMS hijacking that deceived people into handing over passwords and other credentials.

The fightback against online payments fraud is in its very early days, with all parties from issuers to acquirers and everyone in between trying to strike the right balance between frictionless consumer experiences and transactions that are sufficiently protected from fraud.

This is especially pertinent now the Monetary Authority of Singapore has announced that it will issue five new Digital Banking Licences in the coming months, as well as the global expansion of digital banks into Singapore such as Revolut, means we should expect to see increased competition in consumer banking. Smooth online payments experiences will be an important battleground in this competition, and so could be a factor in consumers choosing to switch to more tech-enabled banking rivals.

Banks will therefore be feeling the pressure to prioritise user experience over fraud protection. Regulators in turn will be keeping a close eye on developments and could step in to demand strengthened fraud prevention measures.

This is a trend that is being experienced all around the world and more and more payments move online. Perhaps the most recent example of this is the Strong Customer Authentication regulation (SCA) in Europe, due to come into force across the continent at the end of next year. It is worth noting however that implementation of SCA had to be delayed from September until the end of next year because it was deemed merchants weren’t ready for the sweeping changes. Our own research found that the new regulations could have cost European businesses over $60bn.

Getting this right is going to be very hard. But it is precisely that difficulty that makes good solutions so valuable.

The key element of SCA is the requirement that most online transactions over a given threshold will require two-factor authentication. Entering your card details alone will not be sufficient, a second factor of authentication will be required to complete the transaction. That might be using a fingerprint or face-scan, but it could also mean more clunky processes such as entering a code sent to your phone by SMS, an experience that Singaporeans are familiar with.

This SMS-driven two-factor authentication has been a starting point around the world, mostly because implementation from the issuer side has been relatively simple. The experience for consumers and merchants of the SMS approach to two-factor authentication is not so smooth, and the system is far from fail-proof.

The threat of regulatory change in Europe has driven new innovations in frictionless payment security that are now spreading into Singapore. The rollout of a new standard in transaction authentication called 3D Secure 2 (3DS2) is seeing increased adoption in Europe and will likely spread to new markets including Singapore soon.

3DS2 enables businesses and payment providers to send more data elements on each transaction to the cardholder’s bank. This includes payment-specific data like the shipping address, as well as contextual data, such as the customer’s device ID or previous transaction history. The cardholder’s bank can use this information to assess the risk level of the transaction and select an appropriate response.

This product is already used by digital banks with a strong record such as Revolut (which has just launched in Singapore) and Transferwise, and should be a foundational component of the new digital banks’ offerings.

In a world where payments experience becomes part of the competitive arsenal of Singapore’s banks, it’s crucial for any bank to be properly equipped for the fight.