Nowadays, online transactions can be conducted using multiple internet-enabled devices (computers, smartphones, tablets), making the online shopping experience convenient for both cardholders and merchants. But growth in online and mobile payments brought concerns in other areas such as card-not-present fraud. In order to enhance online payment security Dynamic Linking came into play.
With PSD2 came Strong Customer Authentication. And with SCA came Dynamic Linking; a key component designed to prevent social engineering attacks during the processing of a transaction. It enhances SCA and is a part of the latest 3D Secure 2 upgrade.
SCA is an additional layer of security, based on at least two elements from the following categories:
Dynamic Linking aims to specifically link each transaction to its amount and the recipient of the payment. The end goal is to prevent social engineering attacks such as ''man-in-the-middle'' attack. The fraudster attempts to interrupt the connection established between the payer and the payee and hijacks the authentication code to authorize fraudulent transactions. If Dynamic Linking is applied, a ''man-in-the-middle'' attack won't be successful. This is because the authentication code will automatically fail if either one of the transaction details, transaction amount, or the payee, has been altered.
Article 5 of the Regulatory Technical Standards (RTS) specifies the requirements for Dynamic Linking. Four main requirements are vital when discussing Dynamic Linking, and those are the following:
Implementation of SCA enhanced with Dynamic Linking impacts many participants involved in the online payment chain. To conclude, the main goals of these heightened security measures affecting the payment chain are available in the summary:
To find out more about new features and improvements, contact our regional expert or download the datasheet.