By Ian McConnell

ROYAL Bank of Scotland is developing “behavioural biometrics” technology, which analyses factors such as the device being used online by customers and how it is being held, scrolling speed, and the time of purchases, and could replace passwords.

The bank noted that, from next year, an additional form of authentication will be required for some transactions when “strong customer authentication” comes into force. This is part of payment services directive 2 (PSD2), which comes into effect in September 2021 in the UK, and is aimed at preventing fraud and checking it is the cardholder who is making the payment.

READ MORE: Ian McConnell: Dare we hope Tories will not choose pitiless austerity again in wake of coronavirus crisis?

The main aim of PSD2 is to improve consumer protection, boost competition and innovation, and reinforce security, Royal Bank noted.

Asked what aspects of the customer’s interaction with their device would be studied, a Royal Bank spokesman said: “It analyses a range of behaviour from when the customer clicks through to the payment page. It will monitor the device being used, how it is being held, the speed of scrolling, the time the purchase is being made etc., and it will compare this with the customer’s usual behaviour.”

Royal Bank said the technology, customised in partnership with Visa, “could replace passwords and helps to make payments more secure”.

READ MORE: Ian McConnell: High time for Tory attitude change as Brexit impasse fuels alarm

The spokesman, asked about when the technology would be rolled out and whether customers would be able to choose between this and other means of verification, replied: “It is still at a development stage but we are looking at how we can best use it to help customers.”

Royal Bank said the technology, working in the background of a transaction, is able to deliver a “seamless experience” for customers while ensuring a high level of security. It declared the development “represents a major breakthrough in the application of biometric technology”, adding it was the “first bank to test the technology specifically for the purpose of SCA (strong customer authentication) compliance”.