Bring Your Own Authentication: the Alpha and Omega of FinTech

European regulators have issued a number of recommendations regarding the security of electronic payments[1]. However, in terms of technology, the power is still in the hands of the users, as they are the ones who decide whether or not to adopt a given technology.

In businesses, computers, telephones and tablets are now chosen by the users based on criteria such as ergonomics, price or brand name. We are witnessing a similar trend in the field of online transaction security alongside the generalisation of Bring Your Own Authentication (BYOA), a natural extension of Bring Your Own Device (BYOD). This technology and these new approaches based on simplified ergonomics break away from the authentication solutions traditionally provided by banks.

Financial institutions no longer have to finance equipment which, in the end, was only used to make payments or log in to an online bank account. The problems of providing technical assistance for the application and hardware no longer apply, as this service is now provided by a third party.

However, in the same way that BYOD imposed new architectures in businesses and contributed to the generalisation of SaaS applications, BYOA also requires changes in terms of authentication. Apple has therefore imposed biometrics, even though the banking community was reluctant to use this technology. The generalisation of in-app payments avoids the need to re-enter bank card details. New stakeholders, such as Uber, are imposing their own rules (for example storage of the card number, CVV and expiry date), which is forbidden, for instance, for French stakeholders.

Users gain an instant advantage from this level of authentication control by being able to choose from among the multitude of payment options now available. Today: Wallet, Online Currency Account, Direct Debit, Tokenisation, etc. Tomorrow: Peer-to-Peer or Bitcoin.

This BYOA trend is characterised by its speed. Technology providers are finding themselves in a race against time to impose their ecosystem and their economic model. The consequence of this is the development of proprietary solutions that are difficult to assess.

However, this movement is also an industrial opportunity for European stakeholders (even if these aspects fall under European sovereign technology). In this IT consumerization logic, we will therefore witness the appearance of devices (such as the SesameTouch developed by Trust Designer) designed to authenticate and make online payments without resorting to the use of a device provided by a bank. They will also allow passwords and login information to be replaced, thus providing simplified ergonomics, regardless of the platform (computer, telephone, television, car, etc.) and type of services (online role playing game, digital identity such as FranceConnect, electronic safe).

These devices form a third approach as they fall within open logics, based for example on certification and assessment frameworks accessible to all stakeholders.

[1] Revised Payment Services Directive (PSD2); Guidelines on the Security of Internet Payments (European Banking Authority’s Guidelines), etc.

 

 
