Khabza Career Portal

Addressing the Biggest Concerns Regarding PSD2 Strong Customer Authentication Requirements

There’s a lot of excitement and apprehension regarding the Revised Payment Services Directive (PSD2). eCommerce vendors expect a host of changes because of the Strong Customer Authentication (SCA) requirements of the revised directives.

PSD2 was conceptualized and passed in 2015. Since September 14, 2019, it is in full effect and will act as the central framework for all payment service providers (PSPs) operating within the EU.

Since PSD1 didn’t envisage technologies like mobile payments, facial recognition, online wallets, the European Commission felt the need to address the legal uncertainties surrounding these new technologies. The main aims of PSD2 are –

If PSD2 will benefit all parties, why is there so much concern about these directives? Because even well-intentioned regulations often expose massive gaps in payment processes. These gaps are viewed as ideal opportunities for fraudsters. They exploit the vendors who are using outdated fraud prevention tools that don’t incorporate PSD2 requirements. Old fraud prevention tools simply aren’t good enough to deal with modern-day cybersecurity threats.

The Cybersecurity Arms Race 

Even though the PSD2 promises to reduce online fraud, organized crime rings are well-prepared to use automation, large amounts of stolen data, and other tricks to go past these security measures. So, an increase in fraud attempts is almost guaranteed. In the US, online vendors are experiencing 344 fraud attempts every month in 2020, compared to 277/month in 2019. PSD2-compliant vendors will be able to resist these attempts. Hence, fraudsters will shift their focus to vendors who aren’t equipped with PSD-compliant security tools.

Overall, the vendors are facing pressure from two areas –

So, vendors will have to balance both of these sources of pressure using sophisticated fraud prevention tools. Thankfully, leading fraud prevention software manufacturers are readying themselves for these challenges by incorporating technologies like machine learning (ML), digital identity analytics, and customer behavior tracking to stay a step ahead of the fraudsters.

Strong Customer Authentication (SCA) and Its Impact on Vendors

SCA or 2FA (two-factor authentication) is an online payment security measure recommended by the European Commission. It was rolled out under PSD2 and asks payment service providers to carry out authentication processes that include at least two of these three elements –

PSD2 dictates that SCA must be applied to all customer-initiated digital payments within the EU (except for some exceptions). By compelling all vendors, financial institutions, and payment service providers to initiate two-factor authentication while processing online payments, SCA guarantees a much safer eCommerce environment. But, the implementation of SCA across the world has been extremely inconsistent. According to multiple reports, many national and central banks are yet to implement full-fledged SCA.

These delays are being caused by –

Thankfully, regulators have given financial institutions, private PSPs, and vendors enough delays. These delay periods should be used to communicate these updates to consumers. If SCA is not implemented efficiently across all institutions, experts anticipate fraud losses from eCommerce to amount to $48 billion by 2023.

How Can Vendors Implement PSD2 and SCA?

To implement PSD2 and SCA most effectively, vendors must –

Exit mobile version