PSD2 is the second iteration of the ‘Payment Services Directive’ (PSD), a European Union (EU) directive first introduced in 2007 to regulate payment services and payment service providers (PSPs). PSD allowed for better pan-European competition and participation in the payments industry while threatening to break up the banking industry’s monopoly on facilitating secure online payments. Many are concerned about the implications of adapting to SCA under PSD2, but they need not be.
GPayments, a well-known 3D Secure vendor for over 15 years, is introducing a new version of ActiveAccess, its innovative authentication platform, which supports 3D Secure, 3D Secure 2, and SCA, using its multi-factor authentication module.
Strong customer authentication (SCA) is defined as “an authentication based on the use of two or more elements categorised as knowledge (something only the user knows), possession (something only the user possesses) and inherence (something the user is). These must be independent from one another, in that the breach of one does not compromise the reliability of the others, and is designed in such a way as to protect the confidentiality of the authentication data.”
With the general shift towards online services, there is a greater need to authenticate the identity of users during transactions and banking activities, in order to:
The development of PSD2 (the second Payment Services Directive by the European Union) has seen some strong overlap with certain functions of the new 3D Secure 2 protocol, especially when it comes to SCA (Strong Customer Authentication), including TFA (Two Factor Authentication) and OTPs (One Time Passwords).
3DS2 adapts to SCA using MFA (multi-factor authentication), which includes OTPs, biometric authentication such as fingerprints or facial recognition, and QR codes that can be scanned by mobile applications.
The good news for merchants and issuers is that 3DS 2 is fully aligned with the principles established in PSD2 and can provide the following benefits to merchants, issuers, and consumers.
GPayments’ authentication suite consists of ActiveAccess, an EMVCo-compliant Access Control Server that offers a multi-factor authentication service for internet banking, mobile banking, and eCommerce transactions, with or without card schemes’ directory servers. This provides banks with a flexible, cost-effective solution for their eBanking customers.
GPayments’ ActiveAccess Multi-Factor Authentication module provides the required services outlined under ‘Strong Customer Authentication’ in the PSD2 guidelines. This authentication service allows banks and financial institutions to provide their end-users with a secure mechanism for accessing their internet and mobile banking portals. Supporting a range of devices, ActiveAccess provides organisations with flexibility now and in the future, allowing the deployment of one or many devices simultaneously, from any vendor, by providing an authentication layer, which hides the device-specific intricacies of the authentication process.
ActiveAccess will support each of the following requirements, which need to be met during a dynamically linked transaction:
The payer must be aware of both the transaction amount and the payee at all times
Authentication tokens must be specific to the amount of the transaction and to the payee
The underlying technology must ensure the confidentiality, authenticity, and integrity of:
The authentication tokens must change if any changes are made to the amount of the transaction and/or the payee
The channel, device or mobile application, through which the information linking the transaction to a specific amount and payee is displayed, must be independent or segregated from the channel, device or mobile application used for initiating the electronic payment transaction
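The dynamic-linking requirements listed above can be illustrated with an authentication code computed as an HMAC over the amount and payee, so that altering either one invalidates the code. This is an added example, not GPayments' or ActiveAccess code; the key, nonce, field layout and function names are assumptions made for illustration.

```python
import hashlib
import hmac
from decimal import Decimal


def _canonical(amount: str, currency: str, payee: str, nonce: bytes) -> bytes:
    """Serialise the transaction details the code is bound to (assumed layout)."""
    # Normalise the amount so "10.5" and "10.50" bind identically.
    amt = format(Decimal(amount).quantize(Decimal("0.01")), "f")
    fields = [amt.encode(), currency.upper().encode(), payee.encode(), nonce]
    # Length-prefix each field so bytes cannot slide from one field into another.
    return b"".join(len(f).to_bytes(2, "big") + f for f in fields)


def auth_code(key: bytes, amount: str, currency: str, payee: str,
              nonce: bytes, digits: int = 8) -> str:
    """Derive a short numeric code specific to this amount and payee."""
    mac = hmac.new(key, _canonical(amount, currency, payee, nonce),
                   hashlib.sha256).digest()
    # Dynamic truncation in the style of RFC 4226, applied to the SHA-256 MAC.
    offset = mac[-1] & 0x0F
    value = int.from_bytes(mac[offset:offset + 4], "big") & 0x7FFFFFFF
    return str(value % 10 ** digits).zfill(digits)


def verify(key: bytes, code: str, amount: str, currency: str,
           payee: str, nonce: bytes) -> bool:
    """Recompute the code from what the server is about to execute."""
    expected = auth_code(key, amount, currency, payee, nonce)
    # Constant-time comparison avoids leaking how many digits matched.
    return hmac.compare_digest(expected.encode(), code.encode())


# Constructed sample values, for demonstration only.
DEMO_KEY = bytes(range(32))          # per-user secret held by the authenticator
DEMO_NONCE = b"txn-0001"             # per-transaction value chosen by the server

if __name__ == "__main__":
    code = auth_code(DEMO_KEY, "49.99", "EUR", "ACME Books", DEMO_NONCE)
    print("code shown to payer for 49.99 EUR to ACME Books:", code)
    print("same details:   ", verify(DEMO_KEY, code, "49.99", "EUR", "ACME Books", DEMO_NONCE))
    print("amount changed: ", verify(DEMO_KEY, code, "499.90", "EUR", "ACME Books", DEMO_NONCE))
    print("payee changed:  ", verify(DEMO_KEY, code, "49.99", "EUR", "Other Payee", DEMO_NONCE))
```

The verifier recomputes the code from the amount and payee it is about to execute, not from values echoed back by the client, which is what makes the link to the transaction meaningful.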