How Strong Should Customer Authentication be?

iSignthis Ltd (ASX:ISX/FRA:TA8)

Strong Customer Authentication (SCA) is an increasingly hot topic, with the European Banking Authority (EBA) having just concluded a round of consultations.

The Payment Services Directive 2 (PSD2) requires SCA across all electronic transactions within months, and it's going to impact the way Europeans pay.

For wallets, such as Google Wallet, Apple Pay, and to some lesser degree PayPal, the PSD2, particularly with SCA and the positive card onboarding requirements, will present a challenge.

For Payment Service Providers and merchants, the real risk of cart abandonment should be driving them to seek alternatives to conventional approaches - which is one of the core aims of the PSD2.

Visa Europe:

Visa Europe's Peter Bayley recently blogged on the topic of the requirement for Strong Customer Authentication under the PSD2.

Peter said, "PSD2 mandates the European Banking Authority to develop standards to deliver strong authentication for all electronic payments. This states that every electronic payment in Europe has to be verified with 2 out of 3 of the following: something you have (i.e. a card), something you know (i.e. a PIN or passcode) or something you are (i.e. a biometric). While there is support for the concept of strong authentication, there is a strong view that this type of authentication will not be required on every occasion. Sometimes, there are better ways to deliver the same results."

We agree with Peter and almost all of the points raised in his blog. We also advocate a low payment threshold, under which SCA should not be mandated, much like what is in place for low value physical POS transactions (e.g. payWave).

Paydentity by iSignthis:

The PSD2 is aimed at innovation and competitive solutions, and what could be more innovative than converging payment and identity?

By using the card payment as a source of identity, iSignthis meets the PSD2 Strong Customer Authentication requirements, as well as the electronic verification transaction based requirements of the 4th AML/CTF Directive for Customer Due Diligence.

iSignthis thus reduces the inherent friction associated with payment authentication (3D Secure) and the separate and regulated friction associated with KYC, which still relies principally on manual systems for most regulated businesses. The two of these taken separately are major contributors to online abandonment - taken jointly, they present regulated sector businesses with massive hurdles to overcome to convert prospective customers.

By combining these we provide a better process for regulated sector businesses including wallets, wagering, gaming, remittance, forex etc.

iSignthis also offers an alternative experience to 3D Secure, which is still 1FA (and thus non-compliant for most cases) and suffers from a lack of mobile friendliness.

Chargeback Reversal:

The most recent Visa Operating Rules have been changed to allow for chargeback reversal via alternatives to 3D Secure. These changes are possibly a reaction to the PSD2; however, they are global and included in Visa Europe and Visa Inc rules.

In this context, and subject to the rules, the iSignthis system is being accepted by issuers as compelling and/or irrefutable evidence in order to reverse chargebacks, and has global scope and applicability - as well as satisfying multiple compliance and risk functions.

Compliance:

There has been some confusion amongst Payment Service Providers and merchants as to when the EBA's requirements take effect, and which jurisdictions initially opted out. With the passage of the PSD2 through parliament late last year, all EU member states (including the UK) will need to transpose the requirements within the 18 month transposition period from parliament's vote, so that in practice they will be in effect within the next 12-14 months.

Our response to the EBA on its latest consultation raised further questions around recurring payments, card vaulting/tokenisation and other challenges that may not have been considered initially.

Talk to us today about how we can assist regulated and non-regulated sector businesses with their SCA and KYC requirements, via a single solution.

Email us at contact@isignthis.com to start a conversation.

#iSignthis #paydentity #KYC #AML #PSD2 #EDD #payments

Source: https://www.linkedin.com/pulse/how-strong-should-customer-authentication-john-karantzis?trk=prof-post