The new Payment Services Directive (DSP2) initiated by the European Commission has been applied since 01/13/2018.
Objective: Strengthen the security of online payments.
The European Banking Authority (EBA) has developed implementing measures called Regulatory Technical Standards (RTS), which will come into force on 09/14/2019.
DSP2 will make SCA (Strong Customer Authentication) or two-factor authentication mandatory for online transactions.
To strengthen the protection of buyers during remote payments, the PSD2 makes SCA (Strong Customer Authentication), also known as “two-factor authentication”, mandatory.
Strong buyer authentication requires verification of at least two of the following 3 factors:
which are independent of each other in the sense that the compromise of one does not lead to the compromise of the other.
Although not recognized as a strong authentication method by the European banking authority, the SMS-OTP will still be used until new methods (biometrics for example) take over.
This method, adopted massively by buyers, has helped to significantly lower the fraud rates for e-commerce card payments. It is currently the most common among banks (86%).
PSD2 applies to banks and not to merchants, which means that issuing banks that accept non-compliant transactions run the risk of being in breach of the law.
Not all transactions are subject to RTS (see out-of-scope cases and exemptions).
Strong authentication impacts the user journey and the acceptance rate, in particular on mobile, so it should only be triggered for risky transactions.
The objectives for the merchant are therefore:
We provide you with the tools to achieve these goals.
The rules describing SCA are technically neutral and do not impose any particular method.
The 3DS V2 protocol provides a mechanism which enables strong authentication to be carried out in accordance with the DSP2.
The main advantage of 3DS is to shift the responsibility for possible fraud from the merchant to the card issuer, which reduces chargebacks.
However, many merchants do not use the 3DS solution because of the loss in conversion rate and the service costs.
As a reminder, the main disadvantage of 3D-Secure version 1.0:
Major developments in the new 3-D Secure 2.0 specification:
| Functionality | Benefit |
|---|---|
| Risk-Based Authentication (RBA) | Allows frictionless authentication, without challenge, for the cardholder. |
| Data-driven risk management | Use the following data to assess the payment risk: |
| Native mobile devices support | Designed to support native mobile interfaces, thus providing a fluid experience to m-commerce buyers. |
| Flexible integration in the merchant's customer journey | Allows the merchant to seamlessly embed the authentication in the checkout process, thus maintaining a consistent user experience. |
| Support for biometrics and other methods | Reduces friction in the user experience. |
| Flags in messages to support derogations related to DSP2 | Allows merchants and acquirers to tell issuers when they want to apply an exemption and take responsibility for the transaction. |
The biggest difference with 3DS 1.0 is the “frictionless” flow, which allows the issuer to approve a transaction without cardholder interaction based on risk-based authentication performed in the ACS.
3DS 2.0 solves several technical issues of 3DS v1.0, such as optimizing buyer journeys, making the payment process smoother for browser and in-app purchases, introducing a frictionless authentication flow, and enhancing security.
3DS V1 authentication will remain possible until the end of 2020. From 2021, all 3DS authentications must use version 2.
The 3DSecure authentication method will meet the requirements of RTS - SCA from 09/14/2019.
We must however distinguish the following cases:
In any case, we recommend that you consider migrating to the 3DS V2 protocol now in order to be ready to benefit from its advantages, in particular the frictionless flow.
In order to integrate the 3DS V2 protocol, please consult the following article: 3DSv2