Understanding Strong Customer Authentication

11/18/2020 New Industry news

In order to keep the online payment landscape a safe and secure place for consumers and businesses alike, the European Banking Authority (EBA) has been working towards the implementation of various safety measures. One of the major safety regulations, the Strong Customer Authentication (SCA), will be officially enforced as of the 1st of January 2021.

As that deadline is steadily approaching, European consumers will be asked to provide verification more often and the card issuers will be increasingly declining transactions that do not meet the SCA verification standards.

A quick refresher

3D Secure 1.0 - 2.0

The framework that safeguards credit card transactions is called 3D Secure. Although effective as a security measure, 3DS 1.0 was impractical in use. The implementation of 3DS 2.0 focuses on improved fraud detection/prevention, along with a more intuitive manner of verification - which is only empowered by today’s mobile devices’ increase in functionalities.
When using 3DS 2.0, consumers can verify their transaction through the following means:

  • Something the customer knows (e.g. password or pin)
  • Something the customer owns (e.g. phone or hardware token)
  • Something the customer is (biometric elements).

Exceptions to the rules

There are several exemptions, some are already in place with 3Dv1.0 and some will gradually become available with the implementation of 3Dv2.0. Over time, the policies regarding the new exemptions will become clearer.
For one, recurring transactions are and will remain exempt from the SCA requirement - aside from the first of the recurring transactions which will require SCA. This places emphasis on the opportunities that tokenization and one-click payments, or subscription models can bring to your business.
If you’d like more information about recurring credit card transactions and the power of subscriptions read our blog here.

What does this mean for you?

MultiSafepay as processor and acquirer will use its role to optimise payment flows in order to reduce the negative impact this change might have. Reach out to your account manager to see what opportunities this might bring.


Information for MultiSafepay Merchants

 

Merchants currently linked through our API
Your customers will be automatically redirected to the 3D Secure page when needed. No change is required on your side.

Merchants currently linked through our plugins/integrations
Your customers will be automatically redirected to the 3D Secure page when needed. No change is required on your side.

Can I still use the dynamic or flexible 3D Secure?
Generally speaking, no.
These features have lost their relevance with the SCA implementation for European consumers.

Would you like to have more information?
If you would like to receive more information or have some questions, please contact us through your account manager or contact our Support Team directly.