What is PSD2 and How Does Strong Customer Authentication Fit In?
PSD2 is the second incarnation of the European Union’s Payment Services Directive. The primary function of PSD2 is to level the playing field between Fintechs and banks while also attempting to make Card Not Present (CNP) transactions more secure through Strong Customer Authentication (SCA). PSD2 is having a hard time actually going into effect, largely because of confusion about what makes a business compliant. Fortunately, TeleSign can help provide some clarity.
SCA was supposed to become mandatory in September, but the European Union granted a delay until December 2020 giving companies an extra year to decide on their PSD2 compliance strategy. Before we recommend the best course of action, let’s learn a little more about SCA.
What Does Strong Customer Authentication Mean?
SCA effectively mandates two-factor authentication (2FA), a form of multi-factor authentication, for all CNP transactions over $33. A consumer who buys diapers online will no longer need just a credit card or a login; they will also need a second factor such as a one-time passcode (OTP) delivered via SMS.
SCA requires two of the following three factors:
- Something you know (password)
- Something you have (device)
- Something you are (biometrics)
The easiest route to compliance is to simply turn on 2FA, something TeleSign has pioneered since 2005. TeleSign sends billions of OTPs via SMS monthly. As the innovator of phone-based verification, we are able to implement this quickly.
The workflow within these CNP transactions is extremely painless: once you enter your credit card credentials, you are simply sent an OTP as an extra security step. Most smartphones can now read an incoming OTP and auto-fill it, so the friction and churn should be negligible. As more global platforms move to required multi-factor authentication, most consumers will be very familiar with the process.
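As an added illustration (not TeleSign's code or API), the two-of-three factor rule and the SMS OTP step described above can be sketched as a small server-side policy in Python. The amount threshold is the $33 figure from the post; the five-minute validity window, three-attempt limit and HMAC key are assumptions.

```python
import hmac
import secrets
import time
from dataclasses import dataclass
from typing import Optional, Set, Tuple

# The three SCA factor categories; a compliant check needs two distinct ones.
KNOWLEDGE, POSSESSION, INHERENCE = "knowledge", "possession", "inherence"
SCA_THRESHOLD = 33        # amount from the post; currency handling is out of scope
OTP_TTL_SECONDS = 300     # assumed: an SMS OTP stays valid for 5 minutes
OTP_MAX_ATTEMPTS = 3      # assumed: lock the OTP after 3 wrong guesses


def sca_required(amount: float) -> bool:
    """CNP transactions above the threshold must complete SCA."""
    return amount > SCA_THRESHOLD


def sca_satisfied(verified_factors: Set[str]) -> bool:
    """Two factors from *different* categories; two passwords do not count."""
    return len(verified_factors & {KNOWLEDGE, POSSESSION, INHERENCE}) >= 2


def authorize_cnp(amount: float, verified_factors: Set[str]) -> bool:
    """Allow the purchase if SCA is not required or has been satisfied."""
    return not sca_required(amount) or sca_satisfied(verified_factors)


@dataclass
class OtpChallenge:
    """Server-side record of an SMS OTP; the code itself is never stored in clear."""
    code_hash: bytes
    expires_at: float
    attempts_left: int = OTP_MAX_ATTEMPTS
    used: bool = False


def _hash(code: str, key: bytes) -> bytes:
    return hmac.new(key, code.encode(), "sha256").digest()


def issue_otp(key: bytes, now: Optional[float] = None) -> Tuple[str, OtpChallenge]:
    """Create a 6-digit code to send by SMS plus the record to keep server-side."""
    now = time.time() if now is None else now
    code = f"{secrets.randbelow(10**6):06d}"          # CSPRNG, not random.randint
    return code, OtpChallenge(_hash(code, key), now + OTP_TTL_SECONDS)


def verify_otp(ch: OtpChallenge, submitted: str, key: bytes, now: Optional[float] = None) -> bool:
    """Constant-time comparison; enforces expiry, attempt limit and one-time use."""
    now = time.time() if now is None else now
    if ch.used or ch.attempts_left <= 0 or now > ch.expires_at:
        return False
    ch.attempts_left -= 1
    if hmac.compare_digest(ch.code_hash, _hash(submitted, key)):
        ch.used = True
        return True
    return False
```

A successful `verify_otp` is what lets the merchant add `POSSESSION` to the set passed to `authorize_cnp`; the password or login check contributes `KNOWLEDGE`.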
There are other ways to navigate SCA especially for high value transactions. TeleSign can layer data intelligence paired with machine learning on top of 2FA for additional security. In certain instances, pulling carrier data about a user can remove the need for multifactor authentication, removing a step from the purchase process and eliminating possible churn. TeleSign can also add SIM Swap protection to your platform preventing even the most creative fraudsters from hacking your users.
However, the easiest way to stay on the right side of the law is to turn on 2FA for every Card Not Present transaction. Not only will it keep you compliant with the SCA component of PSD2; 2FA was also recently shown in a Google study to prevent 100% of automated attacks. Keep your platform compliant and keep your users safe. It’s a win-win.
TeleSign has been connecting and protecting online experiences for over 15 years. We support 21 of the 25 largest web properties in the world and we’re prepared to help you. Contact TeleSign now and learn more about how to keep your users safe and company compliant with PSD2.