Like many recent inventions, digital banking and e-commerce have made our lives substantially better. Designed to save time and money, they’ve empowered consumers, created thriving marketplaces and allowed businesses to embrace asset-light business models. Open banking was quick to follow, allowing consumers to benefit from better deals, access to new products and services, and to have better control over their money.

But convenience breeds complacency. These time-saving innovations have started exposing consumers and businesses to previously unknown risks – and little has been done to secure online spaces, until recently. As consumers have become more familiar with the inherent risks of e-commerce fraud linked to phishing, there was another lesser-known, dark side of digital banking emerging. With open banking, it has become possible to not only defraud a consumer’s primary bank, but also their other chosen financial providers. As open banking takes off, the potential for fraud within fintech, e-commerce and banking organisations will only grow.

To tackle this threat, banking and e-commerce organisations have to modernise further, but this time under the watchful eye of European and UK regulators. Coming into force on 14 September, the Second Payment Services Directive (PSD2) is set to protect consumers from identity theft and asset takeovers. It is also taking regulatory compliance and technology challenges to a new level, turning into a strategic and operational challenge for many businesses. Practically, it means that new customers’ identities will have to be verified. But there’s another pain point that not even the banks saw coming.

In the past, it’s not been uncommon to have a joint account or credit card, with only one of the shared holders’ identity verified and known to a bank. This will have to stop under PSD2, and existing banking customers will also have to be re-authenticated. This will place a huge strain on even the most digitally forward-thinking institutions, who may have to re-authenticate the identities of millions of customers, as well as introduce much more stringent identity verification at the on-boarding stage. Overall, banks and FS companies must work hard to see the long-term gain, not simply trying to overcome the short-term pain.

Moreover, the incoming regulation means that banks and fintech businesses will have to authenticate every customer by at least two of the following criteria whenever they want to make an online transaction: something they have, something they are, and something only they know. This could include an ID document, a biometric identifier, and a security question, going beyond simply a card and a pin – as is the current standard. This introduces an additional layer of security to defend against the threat of fraud as open banking grows and e-commerce volumes expand.

Another important regulatory development, pushing digital-first businesses to innovate, is the Online Harms White Paperconsultation, launched by UK government earlier this year. It sets the scene for a set of legislative and non-legislative measures aimed at making companies more responsible for their users’ safety online, especially children and other vulnerable groups. It introduces an interesting notion of the duty of care that modern businesses – including financial institutions, shared economy marketplaces and e-commerce companies – have towards their customers and users.

What we’ve also started seeing is a sea of change in consumer attitudes and expectations. This could be in response to both the rising threat of online fraud and the news of impending regulatory changes. It’s becoming increasingly clear that consumers now prefer and place more trust in businesses with robust identity verification in place – even if it takes some of their time to jump through authentication ‘hoops’. A little friction in a customer journey in the name of online safety is now seen as a good thing. It is also seen as a positive within a partnership or part of a supply chain – as businesses can’t afford the risk of non-compliance under GDPR and other privacy regulations linked to fraudulent identities. That is all well as a concept. But are robust ID checks sustainable for businesses in the long run?

To ‘fight fire with fire’, businesses should use technology as the answer to cyber-security and fraud concerns that surface amid widespread technological innovation. For example, online marketplaces are only a fraud risk because technology has enabled their existence,  but technology is also the cure. AI-led digital identity verification that authenticates the identity of every customer or user on online marketplaces can significantly reduce the risk of fraud and money laundering online – fighting fire with fire might just work.

What’s more, the simplicity of taking a selfie can reduce compliance costs, improve ROI, and maximise the volume and value of online transactions for businesses. It’s set to benefit large traditional and digital-first challenger businesses alike. It is a good case of compliance enabling further innovation and modernisation in the newest sectors of our economy.

In case of PDS2, regtech emerging off the back of the regulation will also help traditional financial institutions to know their existing customers better, reducing the overall risk within their overall portfolio of customer product offerings. Being able to limit account opening fraud and monitor for fraudulent activity in real time will create more consumer trust and goodwill towards fintech and e-commerce newcomers. It is a no-brainer for both brand reputation and pure business sense.

Yet we’re finding many businesses still don’t know where to start on their regtech and digital identity verification journey. While the benefits of ensuring online safety abound, the real question to ask yourself as a business is… are you ready for the deadline?