FinAi News

No products in the cart.

Subscribe
  • News
  • AI News Tool
  • Data
  • Transactions
  • Events
    • FinAi Banking Summit
    • FinAi Lending Summit
  • Podcast
  • WEBINARS
    • Webinar Library
Log In
No Result
View All Result
  • Banking
  • Lending
  • Payments
  • Risk & Security
  • Strategy
FinAi News
  • News
  • AI News Tool
  • Data
  • Transactions
  • Events
    • FinAi Banking Summit
    • FinAi Lending Summit
  • Podcast
  • WEBINARS
    • Webinar Library
BAN PLUS
Log In
No Result
View All Result
FinAi News
No Result
View All Result

3 global cybersecurity lessons for US banks

Mandatory multifactor authentication, increased fraud control testing critical

Alijah PoindexterbyAlijah Poindexter
May 16, 2022
in Risk & Security, Strategy
Reading Time: 3 mins read
0
Share on Facebook

Cybersecurity approaches in the U.K. and Europe provide learning opportunities for U.S. banks, despite major differences in regulatory and business structures. What follows are three cybersecurity tactics that are working in the U.K. and Europe:

1. Mandatory multifactor

Photo by CanStock

Multifactor authentication (MFA) has been much maligned by banking customers for its clunkiness and relative inconvenience. However, mandatory MFA, which was part of the PSD2 regulatory framework for European payments regulation, was key to reducing fraud attempts in the U.K., Hardeep Rai, product director, fraud prevention at California-based risk operations fintech Feedzai, told Bank Automation News. PSD2 is a 2018 European digital payments directive, which included regulation on open banking and made strong customer authentication (SCA) mandatory.

“The reason for strong customer authentication was, there was a clear need to secure this new API channel,” Rai said. “But it was also seen as a way to reduce fraud generally. It brought in a minimum requirement of authentication, so you must have two factors of authentication for all transactions, or most of the transactions.”

This created a feeling of “table stakes” and forced banks to rethink their authentication approach, moving away from unwieldy authentication processes that spanned multiple platforms and could result in customer attrition, he said. Many European banks now offer streamlined SMS-based authentication procedures that highly reduce fraud.

“The truth is that level of authentication is far nicer and cleaner, and customers are willing to go through it,” Rai said. “So, you get a double benefit, where you’ve got nicer customer experience, but you’ve also got less fraud, because you’ve made that channel more secure.”

Irregular deployment of MFA has caused issues for U.S. customers, Sai Huda, founder of San Diego-based cybersecurity firm CyberCatch, told BAN.

“We think that it should be used more broadly in the United States,” Huda said. “When it’s used, it’s used for certain use cases, or it’s for privileged users only. But frankly, it’s time.”

2. Confirmation of payee

Confirmation of payee, in which a bank triggers an API call to another institution to certify that a payment reached the correct destination, has proved an important “small step” in creating friction for fraudsters in the U.K., Feedzai’s Rai said.

“They’re not silver bullets,” Rai said. “Confirmation of payee has been live for nearly two years. It’s not fundamentally changed the fraud, but it’s another small thing that helps. Fraudsters will find ways around this — they always do — but it’s just putting more friction in their way.”

3. Contingent reimbursement

Not all of Europe’s cybersecurity methods are regulation-inspired: A voluntary code for maintaining consistency in fraud reimbursement has gone a long way toward limiting scams and account takeover fraud, Rai noted.

“The contingent reimbursement model is not regulated in the U.K., but it’s a voluntary code that a number of the banks in the U.K. signed up to, with the sole purpose of bringing some consistency to when a customer gets refunded,” he told BAN.

This code assuages difficulties in recovering lost funds for customers whose banks may have different standards for what constitutes fraud and establishes a strong code of conduct for banks in the U.K.

Regulatory hurdles

Many of Europe’s cybersecurity developments stem from sweeping regulatory directives, which are not totally replicable in U.S. banking ecosystem. However, industry leaders and banks alike would be best served to take a close look at what Europe has done, John Horn, Aite-Novarica Group practice director, cybersecurity, told BAN.

“EU regulation pertaining to Cross-party (or cross-jurisdiction) Customer Identity has been excellent,” Horn said. “The EU’s Electronic Identification and Signature (eIDAS) regulation in 2016 set great rails for EU Member Nations. By end of 2020, 19 Digital Identity formats across q5 countries were interoperable in Europe. US government and industry leadership would be well-served to study the success of EU Identity regulation as US federal Digital Identity is being considered.”

Bank Automation Summit Fall, taking place Sept. 19-20 in Seattle, is a crucial event on automation and automation technology in banking. Learn more and register for Bank Automation Summit Fall 2022.

Tags: bank regulationcybersecurityopen bankingPremiumpsd2
Previous Post

Listen: Upstart SVP Jeff Keltner discusses the pitfalls of digitalization-first approach

Next Post

Bank Automation Summit 2022 Fall agenda

Related Posts

Woman have biometric scan of face
Risk & Security

UnionDigital Bank eliminates successful account takeovers with iProov

July 9, 2026
iso 20022
Strategy

Fed’s Williams says AI is now his main inflation concern

July 9, 2026
Exterior of Micron offices
Strategy

Micron boosts US spending to $250B to feed memory boom

July 9, 2026
Next Post
Seattle

Bank Automation Summit 2022 Fall agenda

EMERGING FINTECH DIRECTORY

Emerging Fintech Directory

The Buzz Podcast

SPONSORED

How AI and Product Experts Turn Fuzzy Requirements Into Focused Dev-ready Roadmaps

April 19, 2026

Is Your Technology Supplier There for You?

April 1, 2026

Hiding in Plain Sight: How to Use Data to Spot Consumer Accounts Being Used by Small Businesses

November 10, 2025

  • About Us
  • Help Center
  • Contact Us
  • Privacy Terms
  • ADA Compliance
  • Advertise

 [wt_cli_manage_consent]

Connect

twitter linkedin podcast podcast podcast
© 2026 Royal Media
No Result
View All Result
  • NEWS
    • All News
    • Banking
    • Lending
    • Payments
    • Risk & Security
    • Strategy
  • AI News Tool [Beta]
  • DATA
  • TRANSACTIONS
  • EVENTS
    • FinAi Banking Summit
    • FinAi Lending Summit
  • PODCAST
  • WEBINARS
    • Webinar Library
  • SUBSCRIBE
  • Log In / Account

Welcome Back!

Login to your account below

Forgotten Password?

Retrieve your password

Please enter your username or email address to reset your password.

Log In

Unlock This Article

Create your free FinAi News account to access this article and stay informed on how AI is transforming financial services including banking, lending, payments, and risk.

Yes, I'd like to receive FinAi News updates, breaking news, and exclusive AI insights for financial services leaders.

Continue Reading with FinAi News Premium - Less than $2/Day

Upgrade to FinAi News Premium for unlimited access to news, insights, trends, and intelligence on how AI is transforming financial services including banking, lending, payments, and risk.
Upgrade to FinAi News Premium Subscription
No Result
View All Result
  • NEWS
    • All News
    • Banking
    • Lending
    • Payments
    • Risk & Security
    • Strategy
  • AI News Tool [Beta]
  • DATA
  • TRANSACTIONS
  • EVENTS
    • FinAi Banking Summit
    • FinAi Lending Summit
  • PODCAST
  • WEBINARS
    • Webinar Library
  • SUBSCRIBE
  • Log In / Account