According to the new regulations, Strong Customer Authentication is defined as:
“…an authentication based on the use of two or more elements categorized as knowledge (something only the user knows), possession (something only the user possesses) and inherence (something the user is). These must be independent from one another, in that the breach of one does not compromise the reliability of the others and is designed in such a way as to protect the confidentiality of the authentication data.”
The regulation also requires that payment service providers “use strong customer authentication where a payer:
- accesses its payment account online;
- initiates an electronic payment transaction;
- carries out any action through a remote channel which may imply a risk of payment fraud or other abuses.”
HISTORY OF STRONG CUSTOMER AUTHENTICATION
The effort to pass the new Strong Customer Authentication regulations dates to January 31, 2013. On that date, the European Central Bank (ECB) issued its recommendation to increase security for online payments. Following that, the European Commission drafted a proposal to update the Payment Services Directive. The result was PSD2, which added Strong Customer Authentication. This will be a “legal requirement for electronic payments and credit cards.” The EU recently extended the deadline to December 31, 2019.
CYBERSECURITY IN EUROPE AND BEYOND
Cybersecurity is something every country is prioritizing, and for good reason. The statistics are staggering. The Erjavec Group, a leading global information security advisory firm with offices in the United States, Canada and the United Kingdom, recently released its Official Annual Cybercrime Report. It predicts that the global cost of cybercrime will hit $6 trillion in 2021, up from $3 trillion in 2015.
The National Crime Agency says cybercrime accounts for 50% of all crimes in the United Kingdom. According to the European Agency for Network and Information Security, “information theft, loss or attack” is now the biggest crime against an organization, surpassing physical threat in 2017. And according to the Imperva 2019 Cyberthreat Defense Report, 78% of the organizations surveyed had been affected by a cyberattack. The growing cyber threats were a driving force behind the new SCA requirements.
MEETING THE NEW SCA REQUIREMENTS
Strong Customer Authentication requires merchants to use at least two of the following three elements when authenticating a purchase:
- Something the customer knows: password, passphrase, PIN, sequence or secret fact
- Something the customer owns: mobile phone, wearable device, smart card, token or device
- Something the customer is: fingerprint, facial features, voice pattern, iris format, DNA
Red Maple is fully prepared to help merchants meet these new SCA requirements with StagedPay. StagedPay is Red Maple’s revolutionary, cloud-based solution for merchants processing Card Not Present (CNP) transactions. StagedPay provides merchants with a system that complies with Strong Customer Authentication (SCA) by using an email or phone number as a means of verifying identity for credit card transactions and enhancing credit card security.