What SCA means for you
The introduction of strong customer authentication as of 14 September 2019 has many advantages for Concardis customers, e.g.
- Additional authentication measures which reverse liability of the submitted transaction in favour of the card issuer
- The risk of chargebacks is decreased due to the increased number of authenticated transactions
- Additional values in the authentication process with the cardholder can have a positive influence on the risk classification on behalf of the card issuer
Depending on the technical connection to the Concardis platform, Concardis customers or their technical integrators may, in certain circumstances, need to make adjustments. We, Concardis, will keep our customers up to date with regard to the implementation.
Examples of two-way authentication
‘A smile like no other’ – precisely this characteristic can now be used for identity verification with the new authentication methods. Modern smart devices are capable of recording facial features so clearly that evidence of uniqueness can be derived from the results. This technology uses 3D Secure 2.0 as a new authentication procedure for evidence of ‘Inherence’. Along with the use of your smart device, you have also automatically met a ‘Possession’ requirement and can therefore easily carry out strong customer authentication.
In contrast to the prior 3D Secure 1.0 procedure, the new method also allows for biometric characteristics to be used for authentication purposes.
‘Thumbs down’ doesn’t mean that a transaction should be prevented; instead it means that the cardholder can use their fingerprint as an ‘Inherence’ characteristic for strong customer authentication. This can be done using a suitable fingerprint reader. If this authentication method is combined with a ‘Possession’ or ‘Knowledge’ characteristic, for example the entry of the credit card verification number, then the requirements for strong customer authentication have been fulfilled.
Due to technical restrictions, the prior 3D Secure 1.0 procedure was not capable of transmitting biometric characteristics of a cardholder to the card issuer.
In the opinion of the EBA, the knowledge of certain secrets is no longer sufficient to identify yourself as the initiator of a payment transaction. However, if you combine the knowledge of a (personal) secret (e.g. PIN) with the possession of the credit card (evidenced by the card number), this – in the opinion of the EBA – meets the requirements of strong customer authentication which could also be used under the new SCA requirements from 14 September 2019. The combination of knowledge and possession must be sufficient for the card issuer as criteria for the identification of the payer.
The 3D Secure 1.0 procedure in use today (‘Verified by VISA’, ‘Mastercard Identity Check’, ‘J/Secure’, etc.) can only verify a single factor, and this factor must always be stored centrally by the card issuer. In this regard, the new 3D Secure 2.0 procedure offers significantly more possibilities for authentication.