Skip to main content
Response to discussion on RTS on strong customer authentication and secure communication under PSD2
Go back2. Which examples of possession elements do you consider as appropriate to be used in the context of strong customer authentication, must these have a physical form or can they be data? If so, can you provide details on how it can be ensured that these data can only be controlled by the PSU?
We believe that the data form does not suffice to prevent abuse and fraud. In the context of strong customer authentication we consider ID card/passport must be in possession and possession must be valideted through a successful match by a face-to-face video call session with a specially trained agent. WebID carries out well above 3.000 online ID checks daily.3. Do you consider that in the context of “inherence” elements, behaviour-based characteristics are appropriate to be used in the context of strong customer authentication? If so, can you specify under which conditions?
Yes, we consider inherence" core elements of strong customer authentication. The WebID online identification process to date includes 22 "inherence" elements established together with leading fraud prevention police specialists (e.g.individual behavioural patterns, eye movement, voice consistency etc.). With our system, according to an established fraud prevention scoring system the process automatically "escalates" to full check of all "inherence" elements immediately upon fraud suspicion."4. Which challenges do you identify for fulfilling the objectives of strong customer authentication with respect to the independence of the authentication elements used (e.g. for mobile devices)?
The core challenge to the successful implementation of our SCA solution is the required duration for the full AML-compliant identificaiton call. As a result, WebID has already implementaed a system where returning customers can be immediately reauthenticated upon their return visit without compromising safety.6. In your view, which solutions for mobile devices fulfil both the objective of independence and dynamic linking already today?
The WebID online identification method already allows for strong customer authentication from all mobile devices fulfilling both the objective of independence and dynamic linking in the context of online customer identification (using TAN and email address entry) carried out on behalf of leading financial institutions. A suitable solution for online payment providers is being developed.8. Are there any other factors the EBA should consider when deciding on the exemptions applicable to the forthcoming regulatory technical standards?
We consider any exemption to the application of SCA as dangerous. Experience has shown that loopholes will be identified and exploited. With the WebID solution SCA is applicable to all transactions without limitations while remaining convenient to the user. Complicated risk analysis and risk analysis technology becomes supperfluous as soon as SCA is applied to all transactions. Enabling instant reauthenticaiton of returning customers allows for speed of process for returning customers.Name of organisation
WebID Solutions GmbHPlease select which category best describes you and/or your organisation.
[Non-financial, private sector institution"]"If you selected ‘Other’, please provide details
Inventor of GwG/AML compliant online identification process, approved by German Ministry of Finance.Please select which category best describes you and/or your organisation.
[Other "]"If you selected ‘Other’, please provide details
Inventor and provider of GwG/AML compliant online identification process, approved by German Ministry of Finance and servicing leading European financial services organisations.