Regulatory changes for payments industry
You WILL NOT be affected if you:
• process Mail Order or Telephone Orders (MOTO)
• process Chip and PIN transactions
You WILL be affected if you:
• accept eCommerce payments including card on file and wallet
• process Contactless transactions
What is changing?
Strong Customer Authentication (SCA) will become mandatory under the new European Payment Service Directive (PSD2) on 14 September 2019. It is being introduced to help prevent fraud across online and remote card payments.
Once introduced, Merchants need to be able to accept a two-factor authentication process at checkout to remain compliant. If the required level of authentication is not provided to card-issuing banks when required, transactions will be declined.
What is SCA?
Strong Customer Authentication (SCA) requires cardholders to complete an additional verification step with the Issuer. In order to prove they are who they say they are, consumers will be asked to present two or more of the following things:
• Something you are, e.g. fingerprint, face recognition (biometric data)
• Something you know, e.g. password or PIN
• Something only you have, e.g. plastic card, mobile device or token generator
The authentication process will vary by bank, so customers may have a different online experience depending on the payment method used. For example, some banks may offer biometric authentication through their mobile banking apps using fingerprint or facial recognition technology, while others may ask customers to enter a one-time password received via text message.
If additional verification is requested, then typically an online journey will look like this:
In addition to online transactions, customers using a contactless method of payment at a terminal may be asked to authenticate themselves by entering their PIN when certain criteria are reached.
For many consumers, customer authentication will be a new experience. To avoid increased cart abandonment, you can help educate your customers about how SCA may affect their customer journeys and reassure them about what to expect during an SCA challenge.
Why is EMV 3D Secure 2.0 (3DS2) important?
Seamless payments are important to you and your customers. So when two-factor authentication comes into effect, it is important to create a frictionless online checkout journey. By processing payments using the upgraded 3DS2, payment services providers and card-issuing banks can support smoother authentication experiences for customers whilst complying with the new SCA requirements.
From 14 Sept 2019, where applicable, 3DS2 will be automatically applied to transactions when it is supported by the cardholder’s bank. Where 3DS2 isn’t supported by the bank initially, then the transaction will fall back on 3DS1 for authentication.
Transactions that a card-issuing bank deems to be low risk, or where exemptions apply, will be processed without the customer being asked for any additional input. For all other transactions, the customer will be required to provide additional information to prove who they are.
Initially it is recommended that transactions are always processed using 3DS to provide the greatest possibility of a payment being authorised.
How is Monek supporting the change?
Monek is committed to helping our customers get ready for the changes and to making the transition as seamless as possible:
- Customers not already processing payments using 3DS1 will be auto-enrolled, and 3DS1 will be automatically switched on prior to 14 Sept
- All customers will be registered for 3DS2, which will be automatically switched on prior to 14 Sept. New API documentation will be provided where applicable