The latest PSD2 regulation (the second Payment Services Directive by the Europen Union) required the implementation of Strong Customer Authentication (SCA) as a means of heightened security measures during the processing of online payments. Luckily, 3D Secure 2 is fully in line with the PSD2 directive and includes SCA as a key feature that promotes safer-than-ever online payments.
As a part of the PSD2 regulation launched in September 2019, Strong Customer Authentication (SCA) requirement came to life. The regulation covers types of payments that are within the SCA scope; as well as payment scenarios that are not subject to the new requirement. To learn more about this topic, we prepared a short read covering the definition of SCA, how it works, and online payment scenarios in which SCA is not necessary.
Strong Customer Authentication (SCA) is an additional layer of security for online payments. To make this definition more precise, SCA is based on at least two pieces of information from the following categories:
What this means in practical terms, consumers will perform additional checks in order to verify their authenticity.
Dynamic Linking additionally enhances SCA, which aims to prevent social engineering attacks such as the ''man-in-the-middle'' attack.
To ease the online payment process for both cardholders and merchants, PSD2 includes SCA exemptions; online payment scenarios that are not subject to the new requirement. It is important to emphasize that not all SCA exemption transactions will be automatically exempt. The issuing bank is the one that has the last word on whether the exemption is valid or not. In other words, even if the transaction meets all the criteria to be classified as an SCA exemption; the cardholder might still have to authenticate themself using the standard SCA method if the issuing bank requires such an approach.
Following transactions are classified as SCA exemptions:
Low-value transactions – online payments under 30 euros; limited by a number of possible low-value transactions daily or by a cumulative value spent in a predefined time period.
Subscriptions and recurring payments – transactions whose value is the same each time a payment is being processed.
Transaction risk analysis – transactions that are low risk based on predefined technical criteria rather than the transaction's value.
Whitelisting – a cardholder can flag individual online merchants as ''trusted'' with their issuing bank in order to avoid SCA during the checkout process.
Luckily for merchants and issuing banks, 3D Secure 2 is fully aligned with the PSD2 directive. It includes SCA as a key feature that promotes safer-than-ever online payments.
Security concerns are not the only ones being taken care of by implementing the new 3D Secure 2 protocol. This upgrade solves the issue of high cart abandonment rates, promotes ''frictionless authentication'' and does not interfere with user experience.