Page 1 of 1

Are you ready for the challenge of enhanced authentication and PSD2 regulations?

Posted: Sat Dec 21, 2024 5:11 am
by jrinea.k.te.r0.1
We describe the challenge that SMEs face with enhanced authentication and the keys to turning it into a great opportunity to improve the payment experience.

Knowledge, possession and inherence are the three keys to strong authentication
The new PSD2 regulation will establish greater security in commercial transactions with reinforced authentication
Many businesses of all sizes have a date marked on their calendars: September 14. This is the day that the implementation of reinforced authentication begins , an important legal change that will help shape the payment experience for customers.

Enhanced authentication comes from the new payment services directive, colloquially known as PSD2 as it is the second on this subject, and is accompanied by a set of guidelines greece email list that have been implemented in recent times and that are being one of the major drivers of banking and payment services transformation .

What is Strong Authentication?
This is a new legal framework to ensure that the person carrying out certain operations, such as accessing an online payment account or making an electronic payment, is who they say they are . It will also apply to any other remote channel where there is a risk of some type of fraud or abuse.

Spanish law on payment services defines authentication as a “procedure that allows the payment service provider to verify the identity of a payment service user or the validity of the use of a certain payment instrument, including the use of personalized security credentials of the user.” In short, it seeks to ensure that the user is who he or she claims to be.

The “reinforced” “last name” implies that authentication goes a few steps further. First, it is based on the use of at least two elements categorized as:

Knowledge (something only the user knows) like a key, for example.
Possession (something that only the user owns) like your smartphone , for example.
Inherent (something that is the user) such as, for example, their fingerprint.
Secondly, these elements must be independent . This means that the breach of one does not compromise the others. For example, if, knowing the fingerprint, we could know the password, then security would be at risk.

Image

Third, a strong authentication procedure must protect the confidentiality of identification data .

What types of businesses will be affected by strong authentication?
The impact of strong authentication will be felt in all types of businesses , both in e-commerce and in physical stores. In e-commerce , payment is usually not made by cash on delivery or through a transfer, check or other means of payment made physically. It is normal that digital means are used for payment and, therefore, in most cases strong authentication will be necessary.

In contrast, physical commerce is not as closely tied to physical payment. For example, many transactions are paid via mobile devices, contactless cards , etc. In all these cases, strong authentication is also necessary.

However, users will be able to make up to five payments of no more than 50 euros each and, in total, no more than 150 euros without having to perform a new reinforced authentication. Once these limits have been exceeded, they will have to authenticate again.

Why is strong authentication a challenge?
The goal is very ambitious. It aims to improve the payment experience , something very important in commerce and the provision of services. And it does so by seeking a balance between convenience and security .