Understanding PSD2 and Strong Customer Authenticaion

By Mann Matharu| Published on 01/03/2018
Mann Matharu | Stark Payments
Strong Customer Authentication

Securer online payments with Strong Customer Authentication

Technology is moving at such a fast rate, and online technology is no exception, including the Internet payments industry. In the last few years, we have had many advancements within Fintech, and that is a trend that is only going to continue, potentially at an even faster rate.

There is now more choice than ever when it comes to available payment gateways, and the more veteran options have gone through various changes to help make them a better platform. It is not just online stores that have seen in many new payment choices, but physical stores have slowly begun to offer ways to pay digitally. Payment gateways have been implemented within increasing amounts of applications and websites, allowing consumers smoother payment experiences, and business’ better tools for their e-commerce projects. Although there are certain names at the front when it comes to digital payments, the market has been ever increasing with the competition.

Second Payment Services Directive (PSD2)

There is also something on its way that will shake up our payment standards. You may have heard about the PSD2 (Second Payment Services Directive) and SCA: Strong Customer Authentication. This is something that all online business’ will need to be considering, as it will change how customers are served by payment gateways and what needs to be implemented within your business’ chosen payment frameworks.

In short, The Second Payment Services Directive is a directive requiring banks to open their infrastructures and customer data assets to third parties, so that they can then develop payment and information services for the customers. By 13th January 2018, Member States within the EU have had to implement the revised Payment Services Directive into their national regulations.

Designed to help reduce unauthorised payments

So, under this PSD2 directive, we have Strong Customer Authentication. Fundamentally, SCA has been set in place to help improve payment security and help reduce fraud. It will mean that stricter requirements for authenticating online payments are to be introduced in Europe. Some business’ do already operate various forms of payment authentication into their checkout process, but Strong Customer Authentication will be a requirement for online payments in 2019 unless the business in question falls into any of the exemptions which we will go into shortly.

Strong Customer Authentication will mean that for a payment over a gateway to be authenticated it must have at least two of the following elements met by the customer:

• They would need to provide something that only they know, for example, a password, code, or a PIN

• They will also need to provide something that only the customer has, an item such as a card, a mobile phone or another object that they have in their possession

• Lastly, they need to provide something that the customer is, so, for example, a fingerprint, facial recognition or indeed an iris scan

As part of this process, the customer’s bank will also generate a single-use authentication code, this will correspond to the amount of the payment made through the gateway, and the business that it is intended for. The customer will always need to have it made clear to them the amount and the business being paid. These transactions will also need to be monitored to catch any unauthorised or fraudulent payments.

Strong Customer Authentication exemptions

The exemptions regarding SCA being implemented include; if the payment is centered around any of these attributes; if the payments are subscriptions, the transactions are below 30 euros, the transactions are regarded as ‘low-risk’, the payments fall under secure cooperate payments exemptions or the payments are white-listed trusted beneficiaries. A white-listed trusted beneficiary refers to a business that a customer trusts, therefore adding them to their white-list, which would be maintained by the customer’s bank. The first payment would still require SCA, but subsequent payments will not. SCA would still be required when a customer creates, confirms or amends a website.

Customer benefits

The benefits to customers provided by Strong Customer Authentication will be the increased safety in their transactions, which of course benefits the business’ too, with better customer satisfaction and helping to prevent fraud. In theory, these extra layers of protection offered during the payment process should be highly beneficial-especially during this age of increased cyber attacks. Business’ will likely have their work flow disrupted as they set their sites up in accordance with SCA, but hopefully, they will find a way to do so as smoothly as possible. We do live in a world that feels like we are heading to an ever more ‘instant’ world, especially online, but when it comes to the security of payments over the world wide web, its likely that most customers will appreciate the longer authentication process if it means safer transactions.

SCA enforcement is expected to start around September 2019, so this should give companies some time to get their heads around the new measures and avoid any fines for not completing SCA to the correct level on their websites. National regulators in Europe will have the power to issue fines. The finer details of how business’ will need to set up SCA should become clearer over the coming months. Websites that have a payment system will likely want to warn customers about the new measures as they may be unaware, and it may in fact be a requirement to do so.

I mentioned earlier; how fast Fintech moves, and with that in mind it can be hard to keep up with all the latest developments. Let us focus in this case on what 2018 is believed to be bringing us. A natural step that has been predicted is that financial technology organisations and applications will be making purchasing even more seamless. Along with this, more physical stores will accept payment by mobile. A trend that will likely increase is that of more people paying for product and services digitally. It is likely that we’ll see governments begin to encourage consumers to choose the digital option for paying. Its also believed that traditional breaks and mortar banks will further embrace the advancements of fintech, in order to not get left behind, as in the past they have been slow to react to tech developments.

Quite an interesting development in fintech, that is likely to see strong growth this year, is a more common application of chatbots to financial services such as banking, for customer use. Now some companies have been using these some time, but due to recent advancements in AI in terms of these bots, more intelligent chatbots have been developed that could serve the customer and business in question much better than previous attempts.

Essentially, of course, we can only predict so much, as who knows what developments are around the corner, but it is fair to say payments as we know them are changing now more than ever.

Share on FacebookShare on Google+Tweet about this on TwitterShare on LinkedIn

Blog & Insights

How a Payment Gateway Works

by StarkPayments| 23/09/2018

How to Choose a Good Payment Gateway

by StarkPayments| 19/08/2018