PSD2​:​ ​A​re ​You ​Ready for ​S​trong ​Customer ​Authentication​?​

The PSD2, also known as the Revised Payment Service Directive, has been a game changer for the banking industry and online retail. One of the most important components of the PSD2 is the requirement that Strong Customer Authentication (SCA) be used for most ecommerce transactions.

Before the PSD2 was implemented, banks enjoyed a near monopoly on customer account information. This, in turn, made it difficult for third parties to provide payment services. In order to ensure that customers remain protected, the European Union is implementing Strong Customer Authentication.

Meeting PSD2 requirements will be essential for any company doing business in the European Union. If you don’t meet requirements, banks may decline to process payments to your company. This will result in lost sales and customers. However, Mastercard found that just 25 percent of EU businesses realized they need to meet SCA requirements. And only 18 percent already have SCA in place. This could spell trouble.

In this article, I’ll go over SCA and how it could impact your business. SCA can be a bit of a burden for ecommerce and other online businesses. But don’t worry, PayKickstart makes meeting SCA requirements easy.

Understanding the Payment Services Directive

PSD2 stands for the Payment Services Directive 2.0, which replaces the original PSD that was implemented in 2007. The PSD2 is a European Union directive and will regulate payment service providers and payment services throughout the European Economic Area (EEA).

The EU Parliament building.

If you don’t do business in Europe, you might not have to worry about SCA. However, don’t be surprised if other governments roll out similar requirements in the future.

The directive is part of the EU’s larger efforts to increase integration across the region. Ultimately, the PSD2 aims to increase competition in the payment services sector and to level the playing field. Importantly, the PSD2 will open the payment industry to non-bank organizations.

Among other things, the directive will harmonize consumer protections across the EEA and will more clearly outline the rights and obligations of both payment service providers and users. This brings us back to the Strong Customer Authentication, which is one of the key requirements of the PSD2.

What is SCA and Why is it Being Implemented?

With SCA, businesses must use extra levels of authentication to ensure that the transaction is legitimate. Unfortunately, fraud is prevalent in the ecommerce industry. In 2016, fraud totaled €1.8 billion. This actually marked a 0.4 percent decrease from a year prior. However, online fraud actually rose. In total, online fraud accounted for 73 percent of all fraudulent activity.

Obviously, this is not good and ecommerce retailers can even find themselves liable for fraudulent transactions. With ecommerce growing swiftly across Europe, the government is looking to reduce online fraud in order to protect both customers and businesses.

This is where Strong Customer Authentication comes in. With SCA, additional steps are taken to ensure that all transactions are legitimate and that the customer is indeed who they say they are. Whereas in the past, retailers only needed the customer’s credit card number and name to approve a charge, once SCA is implemented, two-factor authentication must be used.

SCA requires more than just a password. Two factors must be used to confirm the identity of the customer. Online retailers can mix and match any of the two factors below:

Ayden outlines two factor login.

So how do you actually go about strong customer authentication? As of right now, the most common solution looks to be using third party providers to authenticate customers.

Meeting Your SCA Obligations with 3D Secure

Third party providers can be used to authenticate customers. Among other things, these third party providers can use two-factor authentication to meet SCA obligations.

One popular and easy-to-implement third party solution is 3 Domain Secure, which is also referred to as 3D Secure or 3DS. The original 3DS 1.0 system, however, didn’t include two-factor identification. Instead, customers might be prompted to type in a single password.

The 3-D Secure in pictures.

Now, the new 3DS 2.0 system does include two-factor identification and meets the requirements rolled out by the European Union. Ultimately, 3DS 2.0 is perhaps the easiest way to ensure that your business is SCA complaint.

In another article, I took a deep dive into 3D Secure and the approaching September 14th deadline. Come September, companies doing online business in Europe will need to use SCA.

Other Methods for Meeting SCA

3D Secure looks to be in a prime position to emerge as the preferred solution for meeting SCA requirements, at least initially. It’s quite possible that other service providers will emerge, offering better solutions. And, there are already a few alternatives in the market, although none provide as much flexibility as 3DS (yet).

For example, Google Pay and Apple Pay already offer secondary built-in layers of authentication. Ecommerce stores can offer customers a chance to use Google Pay and Apple Pay, which will then leverage their extra authentication layers to verify the customer and thus meet requirements.

Quite likely, other payment providers will provide their own solutions. However, 3D Secure 2.0 is ready to go and can easily be integrated into many shopping carts and payment gateways. Even the ubiquitous online payment processor PayPal is hopping on the 3D secure bandwagon, rather than pushing its own solution.

Meeting SCA is All But a Must

No matter what solution you choose, meeting the fast approaching Strong Customer Authentication requirements is a must. If you don’t have SCA in place, you could lose revenues as banks decline to process payments. As a result, you’ll lose your European customers.

Fortunately, with 3D Secure, meeting authentication requirements is easy. And with PayKickstart, enabling 3D Secure is a synch.