Strong Customer Authentication:
Be ready with ScreenWiZeTM
“PSD2 aims to make payments safer, increase consumers’ protection, foster innovation and competition while ensuring a level playing field for all actors, including new ones which were not regulated by the first version of the Payment Services Directive.”
European Payments Council (2018)
PSD2 is independent of 3DS 2.0. While PSD2 is a pure European Regulation that applies for EU-based customers and merchants, 3DS 2.0 is the evolution of 3DS applied globally to improve online shopping security. Hence, we are talking about PSD2 and not about 3DS 2.0 in this section.
Strong Customer Authentication (SCA) is at the core and most visible change for consumers that will be introduced by PSD2 during 2019. The principle of SCA is to ensure customer protection via an increased level of security of electronic payments. In short, SCA requires a customer (individuals and corporates) in future to provide two of the following:
1. Knowledge: Something only the user knows such as PIN, password, etc.
2. Possession: Something only the user possesses such as card, mobile phone, security key, etc.
3. Inherence: Something the user is such as biometric features or behavioural biometric (fingerprint, face recognition, spending patterns, behavioural patterns, etc.)
when doing any of the following online activities:
1. Online banking: Access to a payment account including aggregated views
2. Electronic payment of any sort
3. Any action carried out through a remote channel that may imply a risk of payment fraud or abuse
— Remote transactions up-to €30.00, but only €100.00 per day or 5 consecutive payments
— Contactless card payments up-to €50.00, but only €150.00 per day or 5 contactless consecutive payments
— Unattended payment terminals for transport fares and parking fees
— Online transactions towards a trusted beneficiary
— Corporate payments if dedicated payment processes and protocols are used
— Online payment account access for up-to 90 days after SCA has been done
— When fraud and chargeback rates observed but the payment service are lower than the pre-set reference fraud and chargeback rates
— Transactions in case the PSP has a real-time transaction monitoring system that monitors at a minimum the following:
– Previous spending pattern
– Transaction history of payer and payee
– Location of payer and payee at the time of the transaction
PSD2 foresees that the payer can claim full reimbursement from their PSP in case of an unauthorised payment if there was no SCA measure in place and if the payer did not act fraudulently.