The European Union's new banking directive imposes higher security standards. The tokens will be retired, replaced by SMS and apps
According to some reconstructions, the downs of the Intesa Sanpaolo website recorded between late April and early May are attributable precisely to its implementation. Malfunctions that have sent the users of Italy's leading banking group into a rage, but which were necessary in order to bring Intesa Sanpaolo's IT systems into line with European directives and, at the same time, to offer greater security to its customers.
The stumbling block, if you will, is the old two-factor authentication system used by Intesa (and by the vast majority of Italian banks), based on a code created by a physical token (the bank's key, to be precise). As of September 14, in fact, this system must be set aside in favor of the so-called Strong Customer Authentication (abbreviated as SCA), created to reduce the risk of online banking fraud.
Why Italian banks say goodbye to tokens
As mentioned, from September 14, 2019 Italian banks (and more generally European ones) will have to retire tokens, the little keys used to generate the temporary codes (One-Time Password in technical jargon) needed to access their home banking profile and authorize payments (both credit card and bank transfers). The change has been made compulsory by the entry into force of the new European directive on banks (PSD2), which imposes stricter security constraints.
How the new home banking access codes will work
The new codes, which will be generated within the mobile banking app or sent via SMS, will last between 15 and 30 seconds, but can only be used for one operation. The code used to authenticate oneself within one's current account, therefore, cannot be used to confirm a transfer or carry out any other operation.
These measures will guarantee a greater level of security than the old tokens. Both the access to the personal profile and the online payments will be safer: the users will have more protection from the attempts of electronic fraud and will be able to use electronic payment systems with more carefree.