App-to-app shopper authentication is booming, since the implementation of the PSD2 directive in 2018. Based on strong authentication, it allows certified third parties, like us, to simply and much more securely connect to many banks' mobile apps. And its use is crucial for the development of open banking. We explain it all to you, with Benoit Mouret, our Head of Product.
App-to-app (or App2App) is the mechanism by which a mobile application can authenticate its users through another mobile application in complete security. This means that when the application is installed on your phone, you are not asked for your login and password again. This is a strong authentication solution for shoppers. It allows mobile applications performing authentication to offer a simplified and faster process, as long as the shopper already has a native application installed on his mobile device, managed by the owner of the server initiating the authorization (his bank, in this case).
With open banking, we have moved from web scraping, which consists in extracting data from a website to use it in another context (usually by re-entering one's login and password on another platform), to authentication via APIs respecting the DSP2 (app-to-app).
Thanks to the latter, shoppers no longer need to identify themselves twice: once they have installed their bank's application on their smartphone, they can authenticate a transaction via a simple fingerprint or with FaceID, during checkout.
"Authenticating in DSP2 is now as easy as validating an e-commerce transaction", says Benoit Mouret, Head of Product at Spaycial.
Until now, one of the main obstacles to authentication validation was the bank identifier, which the shopper generally did not know by heart. Thanks to App-to-app, there is no need to memorize long strings of numbers, as the interconnection between the banking applications and the third party makes authentication immediate.
Here are the steps of account linking through the App-to-app process as we do it, in summary.
First, the shopper wants to subscribe to a loyalty program operated by Spaycial on the application of the chosen brand (Westfield Club, for example).Benoit Mouret confirms: "We have observed that over the last 12 months, following the implementation of strong authentication via app-to-app, the conversion rate at our retailers has increased by 33% compared to authentication by scraping".
With the ease of use and security it provides, it's a better experience in the long run, making shoppers more loyal.
Going through PSD2 authentication also means a more secure experience for shoppers. Throughout the process, shoppers navigate in a more secure environment (authorization is done directly on the bank's interface, which is more reassuring). Moreover, consent is systematically requested, and Spaycial being a certified bank aggregator, the transaction is done in full confidence.
In a word, the app-to-app authentication mechanism is an important step forward in the application of PSD2 and the evolution of banking services. By enabling a smoother experience for the user and better results for brands, it contributes to the popularization of open banking and paves the way for new payment data management models.