Logging into e-banking – what changes
The PSD2 legislation entered into force on September 14 and changed the ways in which people can log into e-banking. The changes cover both individuals and companies, so it is worth checking what has changed.
For security reasons, one of the main changes banks have implemented, and the one most visible to the user, is two-factor verification at the moment of logging in to an e-banking account. Until now, an individual login and password were usually enough, but now a third, external component is required (such as a code sent via SMS or a biometric identifier). This type of safeguard was already in use, but usually only for online transfers, when the banking system required additional confirmation. Now it is required for every login to a bank account.
In addition to the extensive login models already introduced by banks, the novelty is that the directive opens up wider possibilities for using electronic banking in the customer's life. According to the directive, the bank, upon the customer's request and with his consent, should allow certified entities, such as developers of financial or accounting software and applications, to access information from the customer's payment accounts. The idea is that a bank customer can integrate his IT systems, e.g. an online accounting system, with his bank so that data flows automatically between one system and the other without the need to log on constantly. With such a solution, a bank customer would no longer have to manually enter, for example, payment settlements in his accounting system. This information would be downloaded automatically and linked to the relevant invoice. Additionally, it would be possible to see the bank balance on an ongoing basis, which is useful for planning the payment of expenses, i.e. invoices with a specified payment date.
The increased level of security that the PSD2 directive requires from banks is mainly based on so-called strong authentication. It is supposed to verify the identity of the person who is the owner or user of the bank account in two steps, that is, it cannot be limited to entering only a login and password. An additional external component is needed. Many non-banking tools have long provided this so-called two-step login: in addition to the standard login and password, they required entering a code, sent for example via SMS. Financial institutions decide for themselves which security measures and two-factor models to introduce. The directive does not prescribe specific solutions.
The implementation of PSD2 started with changes to account login that are visible to every e-banking user. It should be remembered that the main purpose of the changes is to expand the possibilities of integrating and collating banking information with other IT systems and that, importantly, the bank must make this possible at the request of its client. More new solutions in this area should therefore appear gradually in subsequent periods.