Strong Customer Authentication

05/29/2019 Industry news

September 14th of 2019 – Strong Customer Authentication (SCA) will go into effect. As part of the updated PSD2, this regulation will be initiated to improve security in the payment space. This article sets out to inform merchants about the requirements of SCA and how it may impact the way online consumers authenticate themselves.

What is Strong Customer Authentication?

Strong Customer Authentication (SCA) must be used for all remote electronic transactions – unless an exemption applies. The introduction of SCA aims to strengthen the authentication process of online consumers. This new European regulation is supposed to reduce fraud and increase the security of online payments. In particular, payments will need to be accepted with at least two authentication factors.

In total, there are three different authentication factors set out by Strong Customer Authentication:

  • Something the customer knows (e.g. password or pin)
  • Something the customer owns (e.g. phone or hardware token)
  • Something the customer is (biometric elements)

For example, when a consumer completes a payment via phone, he/she needs to use something owned (the phone) and needs to confirm the payment with something he/she is (fingerprint) or something he knows (the app pin). Currently, various payment methods already comply with SCA’s two step-verification and if this is not the case, MultiSafepay is able to provide a solution.

When is SCA applied and which are the exemptions

In general, SCA applies to online transaction initiated by consumers with an amount higher than 30 euros. Nonetheless, there are many payment methods already in line with SCA and certain payment methods that are exempted. For example, direct debit transfers, payments via invoice, recurring payments (subscription based) and pre-payments do not require Strong Customer Authentication and need no further action.

What technologies can be used

There are different technologies that help merchants adding security layers (that are in line with SCA) to credit card payments. For example, MultiSafepay offers technologies like tokenization and 3D Secure  to all its merchants by means of in-house developed plugins and API’s. Thanks to these technologies, the consumer can securely store
credit card data for repeat purchases after the initial payment. If you are interested in our security technologies for your webshop, do not hesitate to contact our payment experts!

 

Disclaimer: the information in this article has a general informative purpose. Given the changing nature of the law, rules, regulations and information in general, as well as the risks related to electronic communication, there could be delays, omissions or inaccuracies in the information contained in this article. As a result, the information in this article should not be used as a consultation with a professional consultant. We recommend that you consult the competent authority before taking any decision or action. While we have taken the greatest possible care in compiling the information released in this article, MultiSafepay cannot guarantee the completeness, timeliness and / or accuracy of the information. As a result, MultiSafepay accepts no responsibility for direct or consequential damages resulting from the use of, reliance on or actions taken based on information provided in this article.