You may have heard the terms PSD2, SCA and 3D Secure being used here and there in recent months, and for good reason. They are part of the terminology introduced by the new regulations that came into force for merchants in much of the EU in April and will be fully mandated on September 14th, 2019 for payments in all EU/EEA countries that fall within the scope of the directive.
Learn the lingo
Before we get into the practical implications of the new regulations, let’s take a moment to get the terminology straight.
PSD2 determines which transactions require Strong Customer Authentication. SCA is the method of authentication mandated by PSD2. For e-Commerce transactions, it is mostly fulfilled with 3DS 2.
The Second Payment Services Directive – PSD2 – went live in January 2018, with the aim of creating an open banking market, with faster, safer and more transparent payments.
In part, PSD2 will achieve this by:
- Enabling third parties, such as payment providers and fintech companies, to directly access consumers’ bank data via secure APIs (with the consumer’s consent).
- Using Strong Customer Authentication (SCA) methods to protect both consumers and merchants from fraud.
Did you say “strong” customer authentication?
The idea behind Strong Customer Authentication, as required by PSD2, is that it enables merchants, acquirers and issuers to clearly identify the shoppers in real time and make sure that their payments are authorised. In doing so, it makes online payments more secure and reduces fraud.
Once the SCA requirements come into effect in September 2019, consumers will have to be authenticated with at least two of the following types of information:
- something they know (e.g., a password, PIN or a secret fact)
- something they own (e.g., their mobile phone, a wearable device or a token)
- something they are (e.g., their fingerprint, facial features or voice patterns)
Note: there are exceptions to the SCA requirement – we’ll deal with those separately in another post.
So, what’s 3D Secure got to do with this?
Regardless of the PSD2 efforts, the card schemes realised that 3D Secure (3DS), as we have known it, needs improvement. 3DS is an authentication standard supported by most card schemes in the world. Consumers simply didn’t like the 3D Secure 1 experience, especially if they were trying to make a payment on a mobile device. They’d abandon their shopping cart rather than go through an additional layer of security. This resulted in lower conversion rates and lost revenue for businesses, which caused many merchants not to include 3D Secure as part of their checkout flow.
So the card schemes created a new version of the 3D Secure protocol, with improved authentication methods that seamlessly integrate into the checkout process, in a way that lowers impact on conversion.
The new protocol better supports mobile payments and employs new authentication methods, such as biometrics, supported by today’s smartphones, tablets and computers used by online shoppers.
With most checks happening behind the scenes, seamlessly for the shopper, the checkout experience is quicker and smoother.
And the good news is, 3D Secure 2 is also compliant with the PSD2 requirements for Strong Customer Authentication, so with one solution you can enjoy the benefits of 3D Secure and be compliant with the regulation.
More than just authentication
So far, we have talked about the new online payment regulations and what is needed in order to fulfil them.
Credorax has added these capabilities into the transaction flow. After integrating with our Smart 3D Secure solution, you will be able to enjoy a better customer checkout experience and a smart optimisation engine that analyses each transaction in real time to best support your business needs.
In the next post, we will cover what you need to do to make sure you’re fully prepared for PSD2 and the 3D Secure 2 requirements.
Contact our payment experts for further information on our 3D Secure solution: email@example.com