Four Things to Know About PSD2 Strong Customer Authentication
PSD2, a revision of the Payment Services Directive, is a regulatory effort that seeks to bring innovation to online transactions while providing enhanced protection to customers. PSD2 regulates the payment industry throughout the European Union and governs both electronic and other non-cash payments. It aims to make payments secure, easy, and efficient. The directive entered into force in January 2016. It has three main goals: to improve consumer rights, strengthen eCommerce security, and manage third-party access to consumer financial accounts.

PSD2 seeks to enhance and integrate the internal market for electronic payments. It enables banks in the UK to open up their data, transforming how they carry out transactions. Under Open Banking, they must use standardized application programming interfaces (APIs) to provide data and trigger operations for identified third-party providers (TPPs). The TPPs are typically non-banks that can get direct and legitimate access to clients’ payment account information. The Open Banking approach under PSD2 is shifting the autonomy and monopoly of financial institutions in the market, promoting growth and decentralization.

SCA, or Strong Customer Authentication, is one of the main pillars of Open Banking/PSD2. The focus of the PSD2 Strong Customer Authentication regulation is to improve security in the payments space. With SCA, additional steps are taken to ensure the legitimacy of transactions and to establish that customers are indeed who they say they are.

Two-factor Authentication

An important element of SCA is two-factor authentication (2FA). 2FA enables the stakeholders to cross-check information and verify the identity of users. The authentication is based on the use of any two of the elements among “KHI”:
K: Something that the customer knows. It may include a password, PIN code, sequence, secret fact, or answer to a security question.
H: Something that the customer has. It may include a mobile phone, a token generator, a badge, a smart card, or a wearable device.
I: Something that the customer is. It includes biometric identification data, like a fingerprint, facial features, iris format, voice patterns, or DNA signature.

When is the Strong Customer Authentication triggered?

The PSD2 SCA regulation will be applied to any new transaction that the customer initiates. It will only be effective when the customer’s and the merchant’s banks are located in the EU. However, certain transactions are exempted from SCA if they satisfy the following criteria.

PSD2 does not apply if the transaction is made with a commercial card.
The Acquirer or the Issuer can choose to exempt a transaction from SCA. In such cases, it will not apply.
A customer can ask their bank to add a particular merchant to a whitelist. Thus, the merchant will be exempted from the SCA regulations.
For recurrent transactions, SCA will be required only for the first authorization. If the amount is the same for the following transactions, the transaction is exempted.
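The two rules above (two factors from different KHI categories, and the listed exemption criteria) can be sketched as a decision function. This is an added example, not code from the original article or from any payment provider; the `Transaction` fields, factor names and reason strings are hypothetical, and it models only the criteria this article lists.

```python
from dataclasses import dataclass
from typing import Optional, Tuple

# Factor names are constructed samples; categories follow the article's K/H/I split.
FACTOR_CATEGORY = {
    "password": "K", "pin": "K", "security_question": "K",
    "mobile_phone": "H", "token_generator": "H", "smart_card": "H",
    "fingerprint": "I", "face": "I", "voice": "I",
}

def factors_satisfy_sca(factors) -> bool:
    """True only when the presented factors span two different categories.
    Unknown factor names are ignored, so the check fails closed."""
    categories = {FACTOR_CATEGORY[f] for f in factors if f in FACTOR_CATEGORY}
    return len(categories) >= 2

@dataclass
class Transaction:  # hypothetical record, not a real PSP schema
    amount_minor: int
    customer_bank_in_eu: bool
    merchant_bank_in_eu: bool
    commercial_card: bool = False
    exempted_by_acquirer_or_issuer: bool = False
    merchant_whitelisted: bool = False
    # Amount of the first, SCA-authorised payment in a recurring series;
    # None means this is not a follow-up payment.
    first_recurring_amount_minor: Optional[int] = None

def sca_decision(txn: Transaction) -> Tuple[bool, str]:
    """Return (sca_required, reason) using only the criteria listed above."""
    if not (txn.customer_bank_in_eu and txn.merchant_bank_in_eu):
        return False, "out of scope: a bank is outside the EU"
    if txn.commercial_card:
        return False, "exempt: commercial card"
    if txn.exempted_by_acquirer_or_issuer:
        return False, "exempt: acquirer or issuer exemption"
    if txn.merchant_whitelisted:
        return False, "exempt: merchant whitelisted by customer"
    if txn.first_recurring_amount_minor is not None:
        if txn.amount_minor == txn.first_recurring_amount_minor:
            return False, "exempt: recurring payment, same amount"
        return True, "required: recurring amount changed"
    return True, "required: new customer-initiated transaction"
```

A password plus a PIN fails `factors_satisfy_sca` because both are knowledge factors, and a recurring payment whose amount differs from the first authorization falls back to requiring SCA.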
3DS2

3DS2 is promoted as a solution for SCA that helps in satisfying the PSD2 requirements in Europe. It is a multi-factor authentication protocol that helps in confirming digital identity during checkout. 3DS2 enables payment providers to send 150 data points, along with device and order history, to a customer’s bank, enabling the bank to verify the actual cardholder. Thus the bank can passively authenticate the cardholder instead of asking the customer to enter a password each time. If transaction risk is considered ‘high,’ the stakeholders can trigger additional authentication using 3DS2. 3D Secure 2.0 is compliant with the new SCA requirements.

Four markers that are inherent to successful SCA implementations:

Develop a Communication Strategy

Industry leaders need to develop a strong and coherent strategy to establish clear communication with customers and educate them thoroughly about the process.

Identify Priorities for Merchants

Merchants face the burden of meeting the requirements of SCA compliance. PSPs and acquirers can help merchants and educate them on the minimum requirements to prevent declined transactions. This will help them drive the adoption of necessary technologies such as the EMV 3-D Secure (3DS2) messaging protocol. Proper implementation will help them leverage frictionless transactions and enable a positive customer experience.

Understand Issuer Behavior
Under PSD2, merchants will have to share more data with issuers. This will empower issuers to make informed authentication decisions and decrease the risk of declines. But industry leaders are also aware that issuer behavior generally depends on size and location. And, as SCA becomes more extensively implemented, it will impact their behavior. Thus, those PSPs better aligned with issuer behavior will enjoy an enhanced advantage.

Build Tools and Recognize Data Importance

Among the PSD2 SCA exemptions, transaction risk analysis (TRA) is one of the most popular. Good TRA models help in driving better exemption rates for low-risk transactions. PSPs must bring data to the core of their processes and address vulnerabilities to optimize internal fraud management capabilities. SCA provides rich data across merchants, prompting PSPs to develop in-house tools or outsource capabilities to third parties.

To Conclude:

You should know a few things about strong customer authentication solutions under PSD2. It helps make payments safer, increase consumer protection, and bolster international e-commerce.
Source URL: https://web1expert.com/four-things-to-know-about-psd2-strong-customer-authentication/