Since September 14, the second Payment Services Directive (PSD2) has been in effect: European legislation intended to make online payments easier and more secure. Part of this legislation is Strong Customer Authentication (SCA): a two-factor authentication requirement that gives people better protection against online fraud.
Before the introduction of this legislation it was quite easy to make an online payment. For example, if you wanted to pay with a credit card, entering your card details was enough. This has changed with the introduction of Strong Customer Authentication: you now have to use a second authentication method. The SCA requires that at least two of the following three factors be verified when making an online payment:
- Something you know, for example a password or pin code.
- Something you have, for example a phone.
- Something you are, for example a fingerprint or face recognition.
A good example of complying with Strong Customer Authentication is paying with your mobile phone. The phone is the first factor (something you have); a PIN code (something you know) or your fingerprint (something you are) provides the second.
Important to know is that many payment methods already meet the Strong Customer Authentication requirements because they use two-factor authentication. Most of the payment methods (via the payment providers) supported by our Pronamic Pay plugin also comply with this legislation.
There are some exceptions
Because of the introduction of Strong Customer Authentication, you have to complete a second step before the actual payment can be made. The SCA includes some exemptions to prevent payments from being interrupted unnecessarily. For example, a second authentication method isn't required when the total amount is less than € 30. However, you must comply with the SCA if more than five payments are made and the total amount is more than € 100. Also, for recurring payments of the same amount to the same organization, it's not necessary to comply with the new legislation.