PSD2 as an opportunity

Legacy enablement with modern authentication and authorization methods

PSD2 gives bank customers more ways to bank

Challenge

Legacy enablement with modern authentication and authorization methods

This German banking giant needed to incorporate PSD2 compliance into its online banking service, specifically: two-factor (2FA) authentication for login and enabling access to payments and account information via third-party providers.
New authentication methods did not fit well with the legacy platform.
Increased demand for authentication and authorization combined with the retirement of the existing method would increase stress on hard-to-scale on-premises systems.

Multiphase delivery of PSD2 requirements, monitoring load, performance and reliability of all back-end systems

Advanced delivery with opt-in 2FA for login allowed gradual scaling of the load on back-end systems. Data gathered confirmed that back-end systems would not withstand the full load of live running with 2FA.
GFT offered “comfort login” as an alternative. This gave users the choice of 2FA or comfort login, which offloaded the authorization systems while fulfilling PSD2 needs.
A fully decoupled authorization front end was developed with React technology to ease integration of modern authorization schemes as required by third party providers (TPPs).
Central dashboard gives holistic view of TPP interaction to improve control.
Project developed using agile methods and delivered by an international team in four locations.

High customer and end-user satisfaction

All PSD2 requirements met on time and within budget.
Solution increases customer convenience and offers choice of ways to log in securely and comfortably.
System loads were fully optimized to drive down costs.
The bank was celebrated in the media as the best implementation of the PSD2 directive.