20 Sep New Enhanced Customer Authentication: a radical change in e-payment services in Europe
Advancements in technology also result in increased security risks regarding electronic payments. Therefore, the new enhanced customer authentication is designed to establish necessary measures aimed to ensure the protection of users within e-commerce.
On 14.09.2019, the new Strong Customer Authentication (SCA) will enter into force as one of the consequences of a wider change provided by the new Payment Services Directive (DIRECTIVE (EU) 2015/2366 OF THE EUROPEAN PARLIAMENT AND COUNCIL, of 25 November 2015 on payment services in the inner market, and amending Directives 2002/65/EC, 2009/110/EC and 2013/36/EU and Regulation (EU) No 1093/2010 and repealing Directive 2007/64/EC).
The aim of this new standard is threefold: (i) to improve the security of electronic payments by protecting them from certain dangers against various types of fraud, (ii) to encourage the introduction of innovative payment systems and (iii) to be an international point of reference beyond EU borders.
The new regulation will apply whenever an electronic payment is made. Not limited to online payments, it can also apply to in-store commerce (e.g. contactless debit or credit card purchases).
How it works
The new enhanced authentication requires a two-step verification for most electronic payments, using at least two of the three so-called authentication elements:
1.- Something the customer knows (a PIN or password),
2.- Something the customer owns (such as a smartphone);
3.- Something that identifies the customer (biometric facial features or fingerprint).
In other words, a classic credit or debit card with an expiry date and security number will no longer be sufficient to make payments. However, in some cases, it may be decided not to apply enhanced authentication, e.g. in point-of-sale terminals using the contactless system up to five times and under certain circumstances, in self-service payment terminals, in transportation and car parks, in instances of transfers between two bank accounts of the same person, etc.
The goal of the new enhanced authentication is to reduce fraud, as well as the cost of detecting fraudulent transactions, and increase European citizens’ confidence in payment transactions and online commerce in general. In this manner, transactions that do not comply with the established requirements will be automatically rejected by the bank.
Long-term, enhanced authentication should become a key element in e-commerce security. This should be an incentive to incorporate new forms of contracting and to make digital payments more secure.