Strong Customer Authentication

One of the most important pieces of legislation created to crack down on cyber fraud has come into force. Strong Customer Authentication (SCA) is a critical part of the Second Payment Services Directive (PSD2). This legislation comes at a time when fraud has reached critical levels across Europe, with the European Central Bank estimating the continent suffers from £1.3 billion in online fraud each year. This number is set to increase, as the number of people making payments via digital wallets internationally is expected to skyrocket from 2.3 billion to nearly 4 billion this year.

SCA mandates two-factor authentication for orders over £28, requiring customers to verify their identities based on at least two of the following indicators: something a customer knows, possesses or inherently is. Ahead of the September 14th deadline, however, regulators conceded to the demands of payment service providers – granting an 18-month extension. According to the British Retail Consortium, institutions that were not ready were likely to create "significant disruption to online payments,” with an estimated 25 to 30 percent decline in the number of eCommerce transactions carried out.

Zac Cohen, COO at Trulioo, explains: “There is no doubt the new Strong Customer Authentication security measures will mean changes to how financial institutions and online traders deal with their customers. Security is a delicate balancing act, where on the one hand businesses face the risk of negatively impacting customer experience, and on the other are required to develop strong security standards to prevent fraud.”

“If a vendor is unable to authenticate or exempt a transaction in accordance with Strong Customer Authentication rules, then there is a significant risk that payment processors will decline the transaction, causing merchants to lose sales, negatively impacting revenue. To compensate, merchants would need to minimise friction in other areas, without removing the necessary barriers against fraud and abuse.”

Zac continues: “One technology that promises to smooth the way for Strong Customer Authentication is mobile. Two-thirds of the global population own smartphones, giving a digital identity to an increasing number of individuals. The pervasive nature of smartphones, together with integrated identifying capabilities, has changed the landscape of people’s everyday lives, becoming the guardians of our personal information such as bank account details and medical records.”

“Due to ease of use and convenience, payment companies can leverage advancements in smartphone technology as a way to detect fraud and verify identities. This approach adds an extra layer of security to identity verification, enabling successful compliance with the Strong Customer Authentication directive, while ensuring a secure experience for the end user”.

This post first appeared on Financial IT