SCA in PSD2

UNDERSTANDING PSD2 SCA

The 2nd Payment Services Directive (PSD2) was established by the European Banking Authority (EBA) to drive payment innovation and data security by reducing competitive barriers, mandating new security processes and encouraging standardized technology. Although consumers will see tremendous benefit around security and data protection, issuers and merchants will face new challenges.

The effective date for PSD2’s Strong Consumer Authentication requirement is September 14, 2019; however, Mastercard is requiring that all merchants, issuers and acquirers support EMV® 3DS and Mastercard Identity Check (their EMV 3DS solution) by April 2019.

3-D Secure Timeline 2020

One of the new mandates within PSD2 is what is known as Strong Customer Authentication (SCA). The goal of the mandate is to ensure that fraud is reduced and merchants/issuers in the European Economic Area (EEA) are validating the consumer for all electronic payments.

Authentication is now core to payment processing.

The SCA requirement is defined as having at least two of the following three: 

SCA requirements

Something only the customer has can be a mobile device or a token generator. Something only the customers knows can be a passcode. Something only the customer is can be a fingerprint, facial scan, iris scan or voice recognition. 

MANAGING SCA EXEMPTIONS

EMV 3-D Secure helps to manage exemptions for SCA. As the most updated 3-D Secure protocol, EMV 3DS technologies meet the demands of the current market and is continuously being developed to help fulfill new mandates and requirements.  Unlike previous versions, EMV 3DS is an authentication solution that helps to fulfill the SCA requirement and allows exemptions. Some of these exemptions include exemptions for low value payments, whitelisted merchants, and using transaction risk analysis in some circumstances.

EMV 3-D SECURE

3-D Secure is a set of protocols that authenticates card-not-present transactions. Its benefits include reducing fraud and false declines and increasing good orders, which limits friction for consumers during checkout.

3DS enables merchants and card issuers to use what each knows about their mutual consumer to make better risk decisions. EMV 3DS uses hundreds of data points from the issuer and from the merchant to authenticate the majority of transactions behind the scenes, from any device. Unlike a traditional fraud tool, 3DS does not reject orders, allowing the merchant to save sales that may appear risky. The result is more good orders and more happy buyers!

Using EMV 3-D Secure to help solve for SCA

The objective of the SCA requirement is to achieve security for all digital payment transactions in the EEA. For individual countries, this means electronic payment services will need to adopt new technologies to guarantee the safe authentication of the user and to reduce the risk of fraud.

Many payment processors are using EMV 3-D Secure as a solution to help solve for SCA. EMV 3DS has two-factor authentication capabilities built into its technologies; it also allows merchants and issuers to take advantage of SCA exemptions and reduce checkout friction. There are ten times more data passed with EMV 3DS, so every transaction has greater dimension and context for better risk decisions. Sharing all this data with the issuer happens behind the scenes, with no impact on the consumer, in some cases, during the checkout process.This can create a fast and secure authentication that may result in fewer declined transactions, increased approvals, improved cardholder trust and a better shopper experience.

EMV® is a registered trademark in the U.S. and other countries and an unregistered trademark elsewhere. The EMV trademark is owned by EMVCo, LLC.