Hey guys, in today's article we discuss five things to know about the strong customer authentication regulation under PSD2. So keep reading.
The revised Payment Services Directive (PSD2) is reshaping the payment industry. As the world shifts online, customers increasingly make their purchases online.
The payment ecosystem is witnessing a digital shift, marked by the entry of new payment service providers. Third-party providers (TPPs) offer innovative banking services that improve the speed, efficiency, and security of online transactions. With the customer's consent, they can access customers' accounts and pull account and payment data directly from the source, removing the need for middlemen in payments.
PSD2 is driving an 'open banking' disruption aimed at innovation, security, and market competition. It is helping to upgrade the payment infrastructure and thereby reshaping the global payment industry, and it is equally concerned with the security of online payments. Strong customer authentication (SCA) is one of the most widely discussed aspects of PSD2.
The PSD2 strong customer authentication regulation addresses the growing risk of fraud in online payment as cyber threats intensify. PSD2 mandates SCA during payment initiation, when viewing or altering sensitive payment data, or when any action implying a risk of payment fraud or similar abuse is carried out through a remote channel. In practice, this means multi-factor authentication when completing online payments.
Five Things To Know About What Is Strong Customer Authentication Regulation Under PSD2?
PSD2’s Definition Of SCA
The revised Payment Services Directive defines SCA as “an authentication based on the use of two or more elements:
- Knowledge: something only the user knows (password, pin, secret fact)
- Possession: something only the user possesses (phone, wearable, hardware token), and
- Inherence: something the user is (fingerprint ID, facial ID, voice ID, retina scan).
These three elements must be independent of each other. That is, a breach of one element does not compromise the reliability of the others. The authentication must be designed in such a manner that it optimally protects the confidentiality of the authentication data."
How Can PSPs Meet Their SCA Obligations?
Payment service providers (PSPs) must meet the SCA obligations while keeping online transactions streamlined. To do so, there are several important factors they must consider:
- Compliance with Regulation: Mandating SCA is a core focus area. PSPs need to apply it consistently across all channels and transaction types. They must choose scalable solutions, as in the near future PSPs will have to authenticate more transactions that must adhere to SCA requirements in real time. Thus, the SCA solution they implement should meet current and future business requirements without affecting performance or causing downtime.
- Improved Customer Experience: Integrating the SCA solution should not degrade the customer experience. It should be implemented so that the online transaction process stays seamless. When building a customized SCA solution for their business platform, PSPs need to pay close attention to the customer's journey. The solution must offer adequate authentication choices and guide customers effectively to complete the transaction.
- Cost-effective: Stakeholders must deploy the SCA solution strategically to meet current and future demands; otherwise, it will end up costing more over the long term. It should not disrupt customers, and it should enable friction-free transactions.
Several types of transactions are exempt from SCA, including the following:
- Transaction risk analysis: Online transactions that are classified as low risk according to predefined technical criteria, rather than by the transaction's value.
- Low-value transactions: Online payments under 30 euros (typically limited by a cap on the number of low-value transactions within a day or on their cumulative value within a predefined period).
- Subscriptions and recurring payments: The transaction value is the same each time a payment is processed.
- Whitelisted businesses: Customers can choose to whitelist trusted companies and skip the authentication step on future purchases from them.
If the transaction risk is considered 'high,' additional authentication may be triggered through 3D Secure (3DS). This is also called 'step-up.' 3DS is a commonly used method for authenticating an online card payment, and many European cards support it. At checkout, 3DS lets the cardholder's bank prompt the cardholder for additional information before the payment is approved. An updated version of 3DS, known as 3D Secure 2.0, was published in 2019. 3D Secure 2.0 is compliant with the new SCA requirements.
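To make the exemption logic above and the two-element rule from PSD2's definition concrete, here is an added worked example (not code from the article or from any PSP). It models a PSP's per-payer state, applies the four exemptions in the order a practitioner would typically check them (trusted beneficiary, fixed-amount recurring payment, low value, transaction risk analysis), falls back to step-up when none applies, and checks that the elements a payer presents come from two different categories. The 30 euro limit is the article's figure; the count cap, cumulative cap, risk-score threshold, merchant names and payment sequence are assumed, constructed values for illustration only.

```python
from dataclasses import dataclass, field
from enum import Enum


class Factor(Enum):
    """The three SCA element categories named in the article."""
    KNOWLEDGE = "knowledge"    # something only the user knows (password, PIN)
    POSSESSION = "possession"  # something only the user possesses (phone, token)
    INHERENCE = "inherence"    # something the user is (fingerprint, face)


# The 30 euro limit comes from the article; the remaining thresholds are
# assumed illustrative values, not figures quoted from PSD2.
LOW_VALUE_LIMIT_EUR = 30.00
LOW_VALUE_MAX_COUNT = 5                # assumed: consecutive exempt payments allowed
LOW_VALUE_MAX_CUMULATIVE_EUR = 100.00  # assumed: cumulative value since the last SCA
TRA_LOW_RISK_MAX_SCORE = 0.2           # assumed: scores at or below this are "low"

LOW_VALUE_REASON = "exempt: low-value transaction"


@dataclass
class PayerHistory:
    """Per-payer state a PSP would keep (constructed for this example)."""
    low_value_count_since_sca: int = 0
    low_value_sum_since_sca: float = 0.0
    trusted_beneficiaries: set = field(default_factory=set)
    recurring_mandates: dict = field(default_factory=dict)  # merchant -> fixed amount


@dataclass
class Transaction:
    merchant: str
    amount_eur: float
    risk_score: float          # 0.0 (low) .. 1.0 (high) from transaction risk analysis
    recurring: bool = False


def sca_decision(tx: Transaction, history: PayerHistory) -> tuple:
    """Return (sca_required, reason) by applying the exemptions in the article."""
    if tx.merchant in history.trusted_beneficiaries:
        return False, "exempt: whitelisted (trusted) beneficiary"
    if tx.recurring and history.recurring_mandates.get(tx.merchant) == tx.amount_eur:
        return False, "exempt: recurring payment of the same amount"
    if tx.amount_eur < LOW_VALUE_LIMIT_EUR:
        within_count = history.low_value_count_since_sca + 1 <= LOW_VALUE_MAX_COUNT
        within_sum = (history.low_value_sum_since_sca + tx.amount_eur
                      <= LOW_VALUE_MAX_CUMULATIVE_EUR)
        if within_count and within_sum:
            return False, LOW_VALUE_REASON
        return True, "required: low-value counter or cumulative cap exceeded"
    if tx.risk_score <= TRA_LOW_RISK_MAX_SCORE:
        return False, "exempt: transaction risk analysis rated low risk"
    return True, "required: high risk, step-up challenge (e.g. 3DS)"


def satisfies_sca(presented: list) -> bool:
    """SCA needs two or more elements from *different* categories: a password
    plus a PIN are both knowledge elements and count as only one category."""
    return len(set(presented)) >= 2


def record_outcome(history: PayerHistory, tx: Transaction,
                   sca_performed: bool, reason: str) -> None:
    """Advance the low-value counters only when that exemption was actually
    used; a completed SCA resets them."""
    if sca_performed:
        history.low_value_count_since_sca = 0
        history.low_value_sum_since_sca = 0.0
    elif reason == LOW_VALUE_REASON:
        history.low_value_count_since_sca += 1
        history.low_value_sum_since_sca += tx.amount_eur


def run_demo() -> list:
    """Walk a constructed sequence of payments and return the reason strings."""
    history = PayerHistory(trusted_beneficiaries={"utility-co"})
    history.recurring_mandates["streaming-svc"] = 9.99
    payments = [
        Transaction("coffee-shop", 4.50, 0.1),
        Transaction("coffee-shop", 4.50, 0.1),
        Transaction("bookstore", 25.00, 0.1),
        Transaction("bookstore", 25.00, 0.1),
        Transaction("bookstore", 25.00, 0.1),
        Transaction("bookstore", 25.00, 0.1),   # count and cumulative caps exceeded -> SCA
        Transaction("utility-co", 80.00, 0.6),  # whitelisted, so no SCA despite risk
        Transaction("streaming-svc", 9.99, 0.3, recurring=True),
        Transaction("electronics", 450.00, 0.9),  # high risk -> step-up
    ]
    reasons = []
    for tx in payments:
        required, reason = sca_decision(tx, history)
        # When SCA is required, the payer presents password + phone OTP here.
        performed = required and satisfies_sca([Factor.KNOWLEDGE, Factor.POSSESSION])
        record_outcome(history, tx, performed, reason)
        reasons.append(reason)
    return reasons


if __name__ == "__main__":
    for line in run_demo():
        print(line)
```

The ordering matters: the whitelist and recurring checks come first because they do not depend on counters, and the low-value counters are reset only by a completed SCA, so the sixth small payment in the sequence correctly trips the cap and forces a challenge.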
Benefits Of SCA Solution
As the market increasingly shifts online, completing online transactions requires robust authentication processes. Adopting SCA in the payment infrastructure yields the following benefits:
- Comply with international regulations and standards like PSD2 and PCI DSS (Payment Card Industry Data Security Standard).
- Close the vulnerabilities in online transactions, and reduce the incidence of online fraud.
- Reduce the cost of processing fraudulent transactions.
- Leverage customer loyalty, and increase their confidence in using online services.
Thus, PSD2 mandates strong customer authentication regulation to make the payment ecosystem more dynamic and secure. It seeks to protect the confidentiality and integrity of customers’ transactional data across the authentication process.
I hope you liked this article on the five things to know about strong customer authentication regulation under PSD2. Thanks for reading!