Strong Customer Authentication (SCA)

On 17 October 2019, the German Federal Financial Supervisory Authority (BaFin) set 31 December 2020 as the end of the grace period for the non-use of strong customer authentication for card payments carried out online. BaFin also announced that it will incorporate into its supervisory practices the milestones and data to be reported as determined by the European Banking Authority (EBA) for the purpose of supervising and monitoring progress.

Concardis intends to make use of the relief within the framework of the BaFin provisions. As a merchant, you will be informed separately on the basis of the Concardis migration schedule about any potential upcoming migration information and tasks.

 

Strong customer authentication
The European Union is making online retail even more secure!

The objective is to create a trustworthy environment both for the merchant as well as for the customer. Additionally, this will reduce the risk of abuse, which in turn means cost savings for the merchant.

Previously optional guidelines became obligatory as of 14 September 2019. However, due to the determination of BaFin, implementation of this obligation is to be done by 31 December 2020 at the latest. The European Banking Authority (EBA) demands the clear authentication of the payer with at least two of the following elements.

KNOWLEDGE

KNOWLEDGE

PIN, password and other security questions

whose answers are only known to the customer.

POSSESSION

POSSESSION

Smartphone, token and other objects

which are only in the customer’s possession.

INHERENCE

INHERENCE

Fingerprints as well as all aspects and biometric characteristics

which identify the individual customer.