How will SCA and PSD2 affect you?

Strong Customer Authentication under PSD2 Guidelines

European banks will be required to follow SCA under PSD2

What is PSD2 and why must banks comply?

PSD2 is the second iteration of the ‘Payment Services Directive’ (PSD), a European Union (EU) directive first introduced in 2007 to regulate payment services and payment service providers (PSPs). PSD allowed for better pan-European competition and participation in the payments industry while threatening to break up the banking industry’s monopoly on facilitating secure online payments. Many are concerned about the implications of adapting to SCA under PSD2, but they need not be.

GPayments, a well-known 3D Secure vendor for over 15 years, is introducing a new version of ActiveAccess, its innovative authentication platform, which supports 3D Secure, 3D Secure 2, and SCA, using its multi-factor authentication module.

What is Strong Customer Authentication (SCA)?

Strong customer authentication (SCA) is defined as “an authentication based on the use of two or more elements categorised as knowledge (something only the user knows), possession (something only the user possesses) and inherence (something the user is). These must be independent from one another, in that the breach of one does not compromise the reliability of the others, and is designed in such a way as to protect the confidentiality of the authentication data.”

With the general shift towards online services, there is a greater need to authenticate the identity of users during transactions and banking activities, in order to:

  • Reduce the cost of processing fraudulent transactions
  • Reduce the potential for online fraud
  • Comply with international regulations such as PCI-DSS and of course PSD2
  • Increase cardholder confidence in using online services

What is dynamic linking?

Dynamic linking, a new requirement of PSD2, involves dynamically linking authentication tokens to the specific payment amount and the specific payee of the transaction.

In the case of changes to the payment amount or payee, the authentication token is no longer valid and a new one must be generated and used. Including these dynamic linking elements in SCA adds an authentication layer beyond what the previous guidelines required.

3D Secure 2.0 and PSD2 together can ensure safe and secure online transactions

The development of PSD2 (the second Payment Services Directive by the European Union) has seen some strong overlap with certain functions of the new 3D Secure 2.0 protocol, especially when it comes to SCA (Strong Customer Authentication), including TFA (Two Factor Authentication) and OTPs (One Time Passwords).

3DS2 adapts to SCA using MFA (multi-factor authentication), which includes OTPs, biometric authentication such as fingerprints or facial recognition, and QR codes that can be scanned by mobile applications.

With the new Payments Directive, banks and other financial institutions will have to comply with the SCA regulations.

The good news for merchants and issuers is that 3DS 2.0 is fully aligned with the principles established in PSD2 and can provide the following benefits to merchants, issuers and consumers.

Merchants

Merchants will be able to offer a consistent, easy-to-use service across multiple payment gateway platforms and digital media during transaction authentication; this will help combat the 3D Secure issue of high cart abandonment rates.

Issuers

Issuers can improve ‘frictionless authentication’ by way of richer data exchanges. Additionally, cardholders will be able to choose their preferred medium for making purchases – thanks to multi-factor authentication functionality – without compromising on security.

Consumers

Consumers want a convenient and secure service when carrying out eCommerce payments; 3D Secure 2, along with the corresponding MPI and ACS technology, will provide these benefits, adding efficiency with little to no impact on applications and payment gateways that customers are already familiar with.

How can GPayments help you comply with PSD2/SCA?

GPayments’ authentication suite consists of ActiveAccess, an EMVCo compliant Access Control Server which offers a multi-factor authentication service for internet banking, mobile banking and eCommerce transactions, with or without card schemes’ directory servers. This provides banks with a flexible, cost-effective solution for their eBanking customers.

GPayments’ ActiveAccess Multi-Factor Authentication module provides the required services outlined under ‘Strong Customer Authentication’ in the PSD2 guidelines. This authentication service allows banks and financial institutions to provide their end users with a secure mechanism for accessing their internet and mobile banking portals. Supporting a range of devices, ActiveAccess provides organisations with flexibility now and in the future, allowing the deployment of one or many devices simultaneously, from any vendor, by providing an authentication layer, which hides the device specific intricacies of the authentication process.

ActiveAccess will support each of the following requirements, which need to be met during a dynamically linked transaction:

  • The payer must be aware of both the transaction amount and the payee at all times
  • Authentication tokens must be specific to the amount of the transaction and to the payee
  • The underlying technology must ensure the confidentiality, authenticity and integrity of:
    • the amount of the transaction and of the payee
    • information displayed to the payer through all phases of the authentication procedure
  • The authentication code must change if any changes are made to the amount of the transaction and/or the payee
  • The channel, device or mobile application, through which the information linking the transaction to a specific amount and payee is displayed, must be independent or segregated from the channel, device or mobile application used for initiating the electronic payment transaction
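
The requirement that the authentication code is specific to the amount and payee, and changes when either changes, can be illustrated with an HMAC computed over a challenge, the amount and the payee. This is an added example, not GPayments' or ActiveAccess code; the HMAC-SHA256 construction, the field encoding, the function names and the sample payee values are assumptions of the example.

```python
import hashlib
import hmac
import secrets
from decimal import Decimal


def _field(raw: bytes) -> bytes:
    # Length-prefix every field so adjacent values cannot be shifted into each other.
    return len(raw).to_bytes(4, "big") + raw


def canonical_transaction(amount: str, currency: str, payee: str) -> bytes:
    """Encode amount and payee unambiguously (format is an assumption of this example)."""
    value = Decimal(amount)
    cents = value.quantize(Decimal("0.01"))
    if cents != value or value <= 0:
        raise ValueError("amount must be positive with at most two decimal places")
    payee_id = "".join(payee.split()).upper()  # e.g. an account number typed with spaces
    return b"".join(_field(p.encode()) for p in (str(cents), currency.upper(), payee_id))


def issue_auth_code(key: bytes, challenge: bytes, amount: str, currency: str, payee: str) -> str:
    """Authentication code bound to one challenge, one amount and one payee."""
    message = _field(challenge) + canonical_transaction(amount, currency, payee)
    return hmac.new(key, message, hashlib.sha256).hexdigest()


def verify_auth_code(key: bytes, challenge: bytes, amount: str, currency: str,
                     payee: str, code: str) -> bool:
    """Recompute the code over the transaction actually being executed."""
    expected = issue_auth_code(key, challenge, amount, currency, payee)
    return hmac.compare_digest(expected, code)  # constant-time comparison


if __name__ == "__main__":
    key = secrets.token_bytes(32)           # per-device key, constructed for the demo
    challenge = secrets.token_bytes(16)     # fresh for each authentication attempt
    payee = "DE00 0000 0000 0000 0000 00"   # constructed placeholder payee
    other = "DE99 0000 0000 0000 0000 00"   # constructed placeholder payee
    code = issue_auth_code(key, challenge, "100.00", "EUR", payee)
    print("as approved:   ", verify_auth_code(key, challenge, "100.00", "EUR", payee, code))
    print("amount changed:", verify_auth_code(key, challenge, "900.00", "EUR", payee, code))
    print("payee changed: ", verify_auth_code(key, challenge, "100.00", "EUR", other, code))
```

The verifier recomputes the code from the amount and payee it is about to execute, never from values echoed back by the client, so a modified transaction fails verification and needs a new code.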