European banks will be required to follow SCA under PSD2
What is PSD2 and why must banks comply?
PSD2 is the second iteration of the ‘Payment Services Directive’ (PSD), a European Union (EU) directive first introduced in 2007 to regulate payment services and payment service providers (PSPs). PSD allowed for better pan-European competition and participation in the payments industry while threatening to break up the banking industry’s monopoly on facilitating secure online payments. Many are concerned about the implications of adapting to SCA under PSD2, but they need not be.
GPayments, a well-known 3D Secure vendor for over 15 years, is introducing a new version of ActiveAccess, its innovative authentication platform, which supports 3D Secure, 3D Secure 2, and SCA, using its multi-factor authentication module.
Strong customer authentication (SCA) is defined as “an authentication based on the use of two or more elements categorised as knowledge (something only the user knows), possession (something only the user possesses) and inherence (something the user is). These must be independent from one another, in that the breach of one does not compromise the reliability of the others, and is designed in such a way as to protect the confidentiality of the authentication data.”
With the general shift towards online services, there is a greater need to authenticate the identity of users during transactions and banking activities, in order to:
The development of PSD2 (the second Payment Services Directive by the European Union) has seen some strong overlap with certain functions of the new 3D Secure 2.0 protocol, especially when it comes to SCA (Strong Customer Authentication), including TFA (Two Factor Authentication) and OTPs (One Time Passwords).
3DS2 adapts to SCA using MFA (multi-factor authentication), which includes OTPs, biometric authentication such as fingerprints or facial recognition, and QR codes that can be scanned by mobile applications.
With the new Payments Directive, banks and other financial institutions will have to comply with the SCA regulations.
The good news for merchants and issuers is that 3DS 2.0 is fully aligned with the principles established in PSD2 and can provide the following benefits to merchants, issuers and consumers.
GPayments’ authentication suite consists of ActiveAccess, an EMVCo-compliant Access Control Server which offers a multi-factor authentication service for internet banking, mobile banking and eCommerce transactions, with or without card schemes’ directory servers. This provides banks with a flexible, cost-effective solution for their eBanking customers.
GPayments’ ActiveAccess Multi-Factor Authentication module provides the required services outlined under ‘Strong Customer Authentication’ in the PSD2 guidelines. This authentication service allows banks and financial institutions to provide their end users with a secure mechanism for accessing their internet and mobile banking portals. Supporting a range of devices, ActiveAccess provides organisations with flexibility now and in the future, allowing the deployment of one or many devices simultaneously, from any vendor, by providing an authentication layer which hides the device-specific intricacies of the authentication process.
ActiveAccess will support each of the following requirements, which need to be met during a dynamically linked transaction: