Strong Customer Authentication

The new European regulation and your online business

With online payments becoming all the more common in everyday transactions, the European Union has issued a new directive to enhance the safety of all checkout flows for both customers and businesses in the region.

From 14 September 2019 the new Strong Customer Authentication (SCA) requirement for payments comes into force. This is the latest attempt by the European Central Bank to reduce fraud and make online transactions more secure across the entire European Economic Area.

Physical card transactions do adhere to strong customer authentication in the EU, with the Chip and Pin security protocol applied by all card issuers.  Online transactions, however lack behind in this respect, with less secure transactions being the majority of all internet commerce.

Continue reading to find out what this new requirement entails, when it should be used and how Routee can help your business make the transition in no time.

What is Strong Customer Authentication?

The Strong Customer Authentication requirement is part of the EU Revised Directive on Payment Services and more specifically its latest version, the PSD2. This payments policy has been in the making since 2013 when the European Central Bank issued its recommendations on how to enhance internet payment security and boost online commerce.

This new directive sets the specific requirements for authenticating online payments within the European Economic Area. Every time a customer performs an electronic transaction, Strong Customer Authentication is engaged as a multi-factor authentication process. If the authentication sequence completes by matching two out of three distinct requirements, it validates the payment successfully.

These three requirements are as follows:

Knowledge
Something ONLY the customer KNOWS (i.e. password or PIN)
The customer who is initiating an online transaction will have to know the PIN or password that is tied to the card used for the online purchase.

Possession
Something ONLY the customer HAS (i.e. mobile device, token or smart card)
The customer will need to initiate the transaction through a physical device that he or she owns.

Inherence
Something ONLY the customer IS (i.e. fingerprint or face recognition)
The person initiating the transaction will have to authenticate his or her identity via a successful biometric scan such as a fingerprint or face recognition match.

Once the new directive comes into force on 14 September 2019, your internet business will have to make the transition and comply with the new regulations. Adopt the Strong Customer Authentication to avoid declined payments from financial institutions or card issuers residing in the European Economic Area.

When is Strong Customer Authentication required

All “customer-initiated” online payments will be required to adhere to the Strong Customer Authentication directive. Companies that wish to continue doing business in the European Economic Area are obliged to build an additional authentication process into their checkout flow to support the new payment directive.

“Article 97(1) of the directive requires that payment service providers use strong customer authentication where a payer:

a. accesses its payment account online
b. initiates an electronic payment transaction
c. carries out any action through a remote channel which may imply a risk of payment fraud or other abuses.

These are independent of each other and one does not compromise the reliability of the others and are designed in such a way as to protect the confidentiality of the authentication data.”

Directive 2015/2366/EU

How Routee can help with Strong Customer Authentication

Routee can help your business carry out the authentication requirements using advanced Two-Factor Authentication for both your European and global campaigns.

When sending PINs and passwords to your customers, Routee will find the optimum routing, reaching the recipients’ mobile device on the most appropriate channel. Increase efficiency by automatically excluding deliveries on platforms and mediums that fail to engage.

Instant PIN & password delivery is the Routee way to enhance your business security. Provide a modern, high-quality service to your customers, when they expect it and where they expect it. Create a seamless ecommerce experience that has the power to forge brand loyalty and trust.

Find out more on how your company can benefit from an intelligent communication platform at Routee.net. Make the informed choice that makes all the difference in ecommerce today.