Citadele Bank

Secure client authentication standards come into force on September 14th

From September 14th, Regulatory Technical Standards (RTS) on secure client authentication and common and secure open standards of communication come into force within EU member states. These have been adopted in accordance with the Revised Directive on Payment Services (PSD2), and will also affect payment processes in Latvia.

This is good news: the goals of the standards are to make payments more secure and improve consumer protection, as well as to promote innovation and competition between the traditional industry players and innovative service providers. The new regulations will ensure that the public can make faster, more convenient and simpler payments for goods and services, while also encouraging innovation.

What does this mean for Citadele clients?

Strong Customer Authentication

One of the compulsory security requirements which must be ensured by the bank is a dynamic link between the service provider and client during the authentication and payment process. This means that a unique code is needed to authorise each payment. This is nothing new; for several years now, our code cards have used SMS codes as an additional authentication tool. The same will now apply for GO3 calculators. Practically all payments of more than 30 EUR will need to be confirmed with an additional code sent via SMS, or strong authentication. This requirement also applies to online payments made with a card: now customers will be required to enter their online banking username and SMS code in addition to their card number. This is why it’s particularly important to ensure that the phone number registered with the bank is correct.

These changes could make the payment process take slightly longer. Although this may seem inconvenient, it will help us keep our clients’ money more secure. We suggest that all clients who use the mobile app update it to ensure that everything operates conveniently and smoothly. We should add that payment speed will depend not just on Citadele, but also on the bank used by the service provider (for example, an online store) and its technological capabilities.

Open bank

Citadele clients can now authorise licensed third parties to access their bank data, for example, allowing someone to make payments from the client’s account on the client’s behalf, or allowing access to the client’s Citadele bank account information: account number; account balance; or account transactions. This kind of third-party access will only be possible if initiated by the client and with the express agreement of the client to the third party. This can be given using the Citadele online bank or mobile app’s strong authentication.

At the same time, an open bank means that Citadele has opened access to its infrastructure and published a software interface that gives licensed third-party service providers access to the information that is available to clients through the online bank and is necessary for providing the service chosen by the client. Currently, Citadele provides interfaces for account information and payment initiation service providers. All the information you need can be found at our developer portal.

Finally, these standards are in many ways an experiment for every financial institution. Although everyone has prepared for the changes, there are still many things we have to learn together. Thank you for being alongside us as we go through these changes!