Report from Signicat and Consult Hyperion provides industry guidance to comply with requirement central to PSD2
Signicat, the world’s first and largest identity assurance provider, has released a white paper with Consult Hyperion to prepare financial institutions for the Strong Customer Authentication (SCA) requirement of the second Payment Services Directive (PSD2). The report, “Strong Customer Authentication in Practice – limitations and possibilities with PSD2”, demonstrates the importance of SCA and highlights the implications for identity and authentication to the payments and commerce industries. It also seeks to provide guidance on how to incorporate SCA into existing services.
SCA is being introduced to ensure consumer identities are secure when paying electronically and to guard against fraud. The requirement will come into effect in Q4 2018, six months after the deadline for all EU member countries to implement PSD2 as national law on 13th January 2018. PSD2 mandates SCA for transactions above €30, meaning Two Factor Authentication will be required to verify the transaction. SCA mandates that authentication is based on at least two of the three elements of Knowledge, Possession and Inherence.
Signicat released the report following concern in the industry that SCA could damage business by creating more friction for the consumer at the checkout. Once SCA is triggered, providers will be forced to look for ways to simplify the transaction process either through exemptions or low-friction SCA. The report seeks to guide the industry on how the requirement will work in practice, who will be expected to perform SCA, and puts forward suggestions to minimize the burden of the authentication process for consumers.
“If not done right, SCA will impose a huge burden on consumers forced to endure a painful authentication process when confirming transactions with a retailer,” said Tim Richards, Principal Consultant, Consult Hyperion. “Providers and banks responsible for implementing SCA must look at ways to simplify the check-out process to ensure a smooth transition to SCA in a post-PSD2 world. The aim of this white paper is to set out the intentions of SCA and to identify how the challenges faced can be addressed.”
“All parties in the PSD2 ecosystem face the challenge of creating a frictionless payment experience for consumers,” said Gunnar Nordseth, CEO, Signicat. “With SCA coming into force in 2018, failing to respond is simply not an option. It’s important that banks and third party providers understand their responsibilities and create systems to both comply with PSD2’s SCA requirements and ease the pain of the process for consumers.”
The report, “Strong Customer Authentication in Practice – limitations and possibilities with PSD2”, is available for free download here.