‘Targeted authentication’ vs. ‘strong customer authentication’

Shares

After extensive negotiations between the European institutions, the revised Payment Services Directive (PSDII) entered into force in early 2016 and becomes applicable to member states from 13 January 2018. The principle goals of the landmark Directive are to improve the security of online payment services, open the online payments landscape up to new innovative solutions and reduce online fraud.

graph

Figure 1: Card Not Present Fraud for payment cards issues within SEPA

‘Strong customer authentication’

In order to ensure customers have the utmost level of protection from fraudulent payment transactions when purchasing goods and/or services online, the PSDII mandates for the application of ‘strong customer authentication’. Strong customer authentication (SCA) is defined as an authentication based on the use of two or more elements that are independent from each other, so that the breach of one does not compromise the reliability of the others. Elements qualifying for under SCA are categorized as knowledge (something only the user knows, e.g. PIN), possession (something only the user possesses, e.g. e-Tokens, OTPs) and inherence (something the user is, e.g. fingerprints, voice verification).

While SCA ensures a high level of customer protection by requiring customers’ active intervention in the authentication procedure, this shifts the consumer’s attention from the purchasing experience, resulting in a measurable increase in payment abandonment and a decline in merchants’ conversion rates.

Ecommerce Europe believes that this rigid focus on strong customer authentication would have a damaging impact on the future competitiveness of the European e-commerce sector, as it fails to strike a balance between ensuring customers’ security and checkout convenience.

‘Targeted authentication’ – ensuring secure and convenient online payments

To stimulate the success of the European e-commerce industry, an efficient and well-functioning payment landscape encouraging a cross-border Digital Single Market is crucial. Consumers in Europe have grown used to a high level of convenience and security when purchasing products and services online. A one-size-fits-all approach to managing risk would stifle important innovations in payment fraud prevention, risking the strong growth the European e-commerce sector has enjoyed. Particularly in a world increasingly defined by mobile devices and (m)-commerce, a rigid focus on strong customer authentication threatens customer-focus without offering a technologically neutral alternative.

As a result, Ecommerce Europe strongly believes in supporting alternative, risk-based methods of authentication as a viable supplementary alternative to strong customer authentication.

A recent study by the consultancy Clever Advice demonstrates that ‘Targeted Authentication’ provides a better and safer alternative to strong customer authentication. Targeted authentication, which tailors the level of customer intervention to the risks associated with each transaction, offers fraud prevention levels matching those of SCA without imposing unnecessary burdens on the customer’s checkout experience.

Supporting fraud prevention through flexibility

Mandating a one-size-fits-all approach, which fails to adapt to new parameters and fraud patterns, offers fraudsters a static target. In light of ever more sophisticated fraud patterns, dynamic authentication methods such as risk management, targeted authentication and indeed developments in biometric authentication, are more effective means to ensure the security of electronic payments.

Ecommerce Europe thus calls on the European institutions to strongly consider a technologically-neutral approach to payment security while carefully balancing its approach to strong customer security with the need to ensure the highest levels of user friendliness. Ecommerce Europe’s view is that the inclusion of targeted authentication as a supplementary alternative to SCA would represent the optimal regulatory approach.

The full article is available in the  Online Payments and Ecommerce Market Guide 2016   of  the  Paypers  .  Please download your free, printable PDF copy by visiting The Paypers Reports section HERE.

Shares