To understand PSD2 Two Factor Authentication, one must know the basics of the Revised Payment Service Directive (PSD2). It all started with the Payment Service Directive (PSD) in 2007. Later, the European Parliament, in cooperation with the European Commission, found a need for PSD improvements, which turned into PSD2. The main updates were made to enhance consumer protection when using digital financial products and payment services. One of the novelties was the implementation of Secure Customer Authentication (SCA), which requires financial institutions to ensure security by utilising Two Factor Authentication (2FA).
PSD2 Two Factor Authentication
Before the implementation of the SCA, to make a purchase online, a person had to log into their bank account and make a manual transfer or enter their card details. This method had security issues: accounts were easy to hack, and the funds in them were easy to expropriate. SCA was therefore introduced to reduce the possibilities for fraudulent activities and account takeovers. It requires a user to perform additional steps to verify ownership and is applied throughout the European Union (EU) and European Economic Area (EEA).
The steps are required to identify the user and are independent of each other. If someone gets hold of one, the other remains unknown, and the account security can’t be breached.
The SCA is applied when accessing consumers’ payment accounts online to initiate a payment or when a third party carries out a transaction remotely. The 2FA consists of three types of information: something a user knows (password, code, secret answer), something a consumer has (code cards, mobile phone) and something a person is (fingerprint, face scan). However, in the SCA process, only two of them are mandatory, though the use of three is also possible.
By implementing the SCA, a business will reduce fraudulent transactions while increasing profitability, since fewer funds are wasted. However, in the beginning, customers might be inconvenienced because additional security steps prolong the purchasing process, and they might become impatient, leading to cart abandonment. To eliminate this possibility, a business must ensure a seamless 2FA process and focus on the effective development of user experience.
SCA effect on money safety
When cash was the only way to make a payment, the verification process was quite simple. A customer handed over a banknote to a merchant, who then checked for watermarks and other security aspects or scanned it with a special device. When finances moved online, it became harder to distinguish whether a payment was made by the cardholder, which caused an increase in levels of fraud. UK Finance found that before PSD2 Two Factor Authentication was in place, there were more than £671 million in losses on the UK's bank cards due to fraud, an incredible increase that amounts to 19% since 2017.
The SCA addition to PSD2 addresses the fraud problem affecting the whole digital payment industry. It introduced Multi Factor Authentication (MFA) for payments over €30, with 2FA verifying the legitimacy of the transaction.
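The rule described above (two verified factors from different categories, applied to account access and to payments over €30), written out as an added example that is not part of the original article. The factor names, the action labels and the choice to accept a single factor below the threshold are assumptions made for illustration.

```python
from decimal import Decimal
from enum import Enum


class Category(Enum):
    KNOWLEDGE = "something the user knows"
    POSSESSION = "something the user has"
    INHERENCE = "something the user is"


# Constructed mapping, following the examples given in the text.
FACTOR_CATEGORY = {
    "password": Category.KNOWLEDGE,
    "secret_answer": Category.KNOWLEDGE,
    "code_card": Category.POSSESSION,
    "mobile_phone": Category.POSSESSION,
    "fingerprint": Category.INHERENCE,
    "face_scan": Category.INHERENCE,
}

SCA_THRESHOLD_EUR = Decimal("30")  # threshold stated in the text


def verified_categories(verified_factors):
    """Return the distinct categories covered by the verified factors."""
    unknown = [f for f in verified_factors if f not in FACTOR_CATEGORY]
    if unknown:  # fail closed on anything we cannot classify
        raise ValueError(f"unrecognised factor(s): {unknown}")
    return {FACTOR_CATEGORY[f] for f in verified_factors}


def sca_required(action, amount_eur=None):
    """Account access always needs SCA; payments need it above the threshold."""
    if action == "account_access":
        return True
    if action == "payment":
        if amount_eur is None:
            raise ValueError("payment needs an amount")
        return Decimal(str(amount_eur)) > SCA_THRESHOLD_EUR
    raise ValueError(f"unknown action: {action}")


def authorise(action, verified_factors, amount_eur=None):
    """Allow the action only if enough independent categories were verified."""
    needed = 2 if sca_required(action, amount_eur) else 1  # 1 is an assumption
    return len(verified_categories(verified_factors)) >= needed
```

A password plus a secret answer is rejected for a €45 payment because both belong to the knowledge category, which is the independence requirement in practice.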
In general, PSD2 2FA was created to harmonise user safety as a whole. It benefits all parties involved with digital payments – consumers, businesses, financial institutions and anyone else using digital money.
The main benefit of PSD2 Two Factor Authentication for everyone is reduced fraud and safe, secure funds. However, that’s not all. The SCA also increased competition among financial institutions, as businesses can choose their bank according to its fraud rates. The lower the fraud rates, the better the security implemented by the bank; thus, a business feels safer and protected. The outcome of this type of competition brings benefits to all due to less payment friction and a secure financial industry environment.