Top 3 Things You Didn’t Know About PSD2 Strong Customer Authentication
Are you scared out of your wits by the increasing number of fraudulent transactions taking place? Don’t know how to reduce them in your company? Well, I think I can help you out of this situation if you keep reading this blog for the next few minutes. Did you know that the European Union issued a payment service directive a couple of years ago named “PSD2 Strong Customer Authentication”? According to this directive, it is imperative for all businesses, banks, and other financial institutions within Europe that accept payments to include a strong customer authentication setup in their payment system. This way, you can prevent countless fraudulent transactions that are eating into your profits.
In this blog, I’ll let you know in detail what PSD2 strong customer authentication is, when it is required, and how you can authenticate a payment, ok?
What is Strong Customer Authentication?
Strong Customer Authentication is a new European regulatory requirement aimed at reducing fraud in contactless offline and online payments. In other words, it is simply a regulation that requires contactless offline and online payments to be made more secure, understood? So, to accept payments that meet PSD2 Strong Customer Authentication, you need to build an additional authentication step into your checkout flow.
Just to let you know, SCA requires your authentication to utilize a minimum of two elements amongst the following three:
1 – Something the customer is
Examples of such elements are a fingerprint or face recognition.
2 – Something the customer has
Examples of such elements are a smartphone or a hardware token.
3 – Something the customer knows
Examples of such elements are a PIN or a password.
Due to these requirements, banks will now have to start declining payments that don’t meet the criteria listed in the second payment service directive. Although it is not a harmful action, it will take time to show positive results. In the upcoming years they will see how the cases of fraudulent transactions have decreased, and that they are no longer making losses because of them.
When do you need Strong Customer Authentication?
For your information, I must tell you that Strong Customer Authentication is needed when a customer initiates a transaction. As discussed earlier, the transaction could be a contactless offline or online payment that is done within Europe, ok?
That also means that whether you want to accept payments through cards or offer customers a platform for bank transfers, you need a strong customer authentication system in place. On the other hand, if banks are debiting your account on a recurring basis for a loan or advance you have taken from them, those debits won’t require strong customer authentication, as they are “merchant-initiated”, not customer-initiated. You also need to know that for online card payments, strong customer authentication is required only when both the business and the cardholder’s bank are located within the European Economic Area (EEA).
Take note that even though such requirements are needed for businesses and banks operating within the EEA, you may also face the impact if your business is located in North America. The reason? Most of the customers who would buy your product or service would probably hail from Europe, ok? So, it’s better to upgrade your payment system now as per the EU’s second payment service directive so that you don’t have to bear losses due to malicious transactions down the line.
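The rules described above, combined into one decision function as an added example (not code from this blog or from any payment provider). The factor names, the `Payment` fields and the partial EEA country list are assumptions made for illustration; "inherence", "possession" and "knowledge" are the customary names for the three element types.

```python
from dataclasses import dataclass

# Factor -> SCA category, using the examples the post lists for each element.
CATEGORY = {
    "fingerprint": "inherence",      # something the customer is
    "face": "inherence",
    "smartphone": "possession",      # something the customer has
    "hardware_token": "possession",
    "pin": "knowledge",              # something the customer knows
    "password": "knowledge",
}

# Constructed, deliberately partial sample of EEA country codes (assumption).
EEA_SAMPLE = {"DE", "FR", "ES", "IT", "NL", "IE", "SE", "NO"}

@dataclass
class Payment:
    initiated_by: str        # "customer" or "merchant"
    business_country: str    # ISO 3166-1 alpha-2 code of the business
    issuer_country: str      # country of the cardholder's bank
    factors: tuple = ()      # factors the customer actually passed

def sca_required(p: Payment) -> bool:
    """Applicability rule as stated in the post for online card payments."""
    if p.initiated_by != "customer":
        return False         # merchant-initiated debits do not need SCA
    return p.business_country in EEA_SAMPLE and p.issuer_country in EEA_SAMPLE

def categories_met(factors) -> set:
    """Distinct categories covered; unrecognised factors are ignored."""
    return {CATEGORY[f] for f in factors if f in CATEGORY}

def decide(p: Payment) -> str:
    if not sca_required(p):
        return "proceed_without_sca"
    # Two factors of the same type (PIN + password) cover only one category.
    if len(categories_met(p.factors)) >= 2:
        return "authenticated"
    return "step_up_required"
```

The point to notice is that a PIN plus a password still fails the check: both are "something the customer knows", so only one of the three elements is covered.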
How can you authenticate a payment?
In the current scenario, 3D Secure is the widely used method to authenticate an online card payment. What’s more, this authentication standard is now supported by a large number of credit and debit card providers in Europe. By integrating 3D Secure into their payment systems, banks add an extra step after checkout when a customer is buying a product or service. In this step, banks ask customers to provide some additional information in order to complete the payment. For instance, they could ask customers buying a product or service from your site to enter a one-time code sent to their mobile phone or to authenticate themselves through a fingerprint feature in their mobile banking app.
Last note
Integrating a strong customer authentication system into your payment flow is the need of the hour to reduce fraudulent transactions. Businesses like yours make huge losses every year due to such activities, and that affects their bottom line. So, what you need to do next is get in touch with a leading fraud prevention company and ask them to offer you solutions that can reduce fraudulent transactions on your site. In case you don’t know, I must tell you that they offer some really amazing software that is great at understanding the malicious behaviour of customers and detecting fraudulent transactions even before they occur.