Why blockchain can solve the EU’s two-factor authentication dilemma

If you’ve become used to going contactless when out shopping, then you might receive a shock next year. New EU anti-fraud regulation comes into force in September 2019 and will require two-factor payment authentication for physical and online payments, potentially leading to abandoned shopping baskets.

The Second Payment Services Directive (PSD2) states that consumers will need to use two or more authentication criteria to complete a payment. These factors include a traditional password, your phone or card, as well as “something you are – such as a fingerprint.”

In many ways, this new legislation is welcome and necessary. From Yahoo to Cambridge Analytica and now British Airways, a disturbing and seemingly unending series of data breaches and instances of data misuse made government action inevitable. Now, companies will be held accountable for their handling of user data, and consequences can be levied on those that don’t comply. The unique problems associated with the digital age required governments to take action, but there will be unintended consequences of the new laws.

Unfortunately, these changes don’t impact all businesses evenly. For instance, large corporations have the financial and personnel resources to accommodate the law’s provisions, but smaller, less financially affluent companies will struggle to implement the new requirements. As a result, the consumer experience suffers as some companies will cut back on compelling features that define the modern consumer mindset.

For city workers rushing from Starbucks to their stand-up meeting to buying a round of drinks at the bar, the two-factor payment requirement is unwelcome news. After years of instant, frictionless payments, no one wants to go slow again. Credit card companies and banks will also have their work cut out ensuring their payment infrastructure can satisfy the new legislation.

Retailers expect that users will have to confirm their identity every five times they use contactless from September 2019. Mastercard and several UK banks are currently testing cards with inbuilt fingerprint scanners to help verify customer IDs. With retailers keen to maintain frictionless consumption, many are likely to adopt biometric technology, as you can’t forget your fingerprint at the till.

As we move from cash to card, password to thumbprint, and beyond to facial recognition technology, it’s going to be much easier to authenticate a transaction with a fingerprint or a selfie than by remembering a password or PIN.

New rules of contactless payments

According to the EU’s Second Payment Services Directive (PSD2), customers will have to confirm their identity whenever payments amount up to €150 or within one in four sales after their last ID verification. The ’Strong Customer Authentication’ (SCA) process requires the consumer to provide two of the following elements:

  • Something only the customer knows (such as a PIN)
  • Something only the customer has (i.e. card, hardware token, mobile phone or alternative device)
  • Something the customer is (fingerprint, facial recognition or retina iris scan)

For shoppers online, the SCA rules stipulate that at least two authentication elements will be required to make a payment.

There are fears amongst traditional and online retailers that complying with this EU directive will slow down sales. While stopping payment fraud is paramount, there are understandable concerns about how PSD2 will affect our shopping habits.

Given that blockchain-based technology already meets the EU’s requirements, an existing solution is at hand – one that offers retailers unprecedented payment speed, security, and customer convenience.

Blockchain-based payments are secure and private, meaning consumers won’t have to share their details with a retailer or marketing companies.

Why blockchain-based payments are the answer

Blockchain gives consumers full control of their payments and, unlike the current system, they will not have to share their name, card details and billing address with centralised banks, retailers or marketing companies.

With complete payment control, users can choose to share or store information through attestations, digital tokens or references, without having to disseminate their data to third parties.

Making a payment on blockchain is a private and secure process. Crucially, it’s as quick as contactless but does not require expensive new fingerprint-scanning cards. Furthermore, biometric software is already part of blockchain-based payments, eliminating the need for passwords or PINs.

With its decentralised ledger, blockchain-based payments are far more likely to protect consumers from fraud. On the surface, the forthcoming PSD2 legislation will be costly and time-consuming for customers and retailers. The potential upside of this disruption is that blockchain technology offers an existing customer-first payment system, providing security and privacy to all parties.


By Alastair Johnson, CEO, Nuggets
