On 14th of September 2019 new requirements for authenticating online payments will be introduced in Europe as part of the second Payment Services Directive (PSD2) - SCA.
So, what is Strong customer authentication (SCA)?
The new European regulation mandates SCA procedures for online banking services and for initiating and processing electronic payments.
In the past customers could simply enter their card number and a CVC verification code, but in accordance with PSD2 regulations, more information will be required at the process of payment.
As defined in PSD2, Strong Customer Authentication means that transactions are authenticated using two or more of the following elements:
- Knowledge: something only the user knows (e.g. password, pin, ID number)
- Ownership: something only the user possesses (e.g. mobile device, token, smart card)
Inherence: something only the user is (e.g. fingerprint, face or voice recognition)
SCA is currently only required when both the acquirer and the issuer are located within the European Economic Area (EEA). It means that merchants who are working with an acquirer licensed in the EEA will face an increase of declines on transactions processed on credit cards issued in the EEA region if SCA requirements are not met.
This should not be the case for payments processed on a non-EEA issued card, however, nor would it apply to merchants contracting with acquirers licensed outside the EEA, regardless of whether the card is issued in the EEA region.
As for now an authentication tool called 3D Secure 1.0 is used by the card schemes to verify ecommerce card transactions. You may be familiar with the process of making an online payment and being redirected to a new page to input a code, this is 3D Secure 1.0 doing its job to make sure you are who you say you are, online. Now a new specification, 3D Secure 2.0, has been introduced. This will make it easier to collect SCA information at the time of the transaction.
3D Secure 2 (also called EMV 3-D Secure, 3D Secure 2.0 or 3DS2) aims to address many of the shortcomings of 3D Secure 1 by introducing less disruptive authentication and better user experience. —the new version of the authentication protocol rolling out in 2019—will be the main method for authenticating online card payments and meeting the new SCA requirements. This new version introduces a better user experience that will help minimize some of the friction that authentication adds into the checkout flow.
Kindly note that in view of the mentioned forthcoming introductions in European regulations, Maxpay is implementing default 3Ds authorization for all initial payments from the EEA cards.
If you have any questions please contact us at firstname.lastname@example.org