Your Quick Guide: Strong Customer Authentication



Contents

- Introduction
- What is Strong Customer Authentication?
- How will the shopper be authenticated?
- Implementation period
- SCA Timeline
- EMV 3D Secure
- How will SCA affect the customer payment journey?
- Benefits of upgrading to the latest version of 3D Secure
- Activating 3D Secure
- Testing
- SCA Exemptions

Introduction

The Revised Payment Services Directive (PSD2) was introduced by the European Commission as a follow-up to the original Payment Services Directive and took effect in January 2018. The aim is to bring in new laws to increase customer protection, foster innovation, and inspire pan-European competition.

There are three core components of PSD2:

- Consumer protection rights
- Strong Customer Authentication (SCA)
- Open banking – third-party access

A key element of PSD2 is the introduction of the Regulatory Technical Standards on Strong Customer Authentication (SCA), which applies to card-based e-commerce transactions in the European Economic Area (EEA). This guide will explore SCA, what it will mean for your business and your customers, and how to prepare for implementation.

What is Strong Customer Authentication?

Payment fraud losses have been steadily increasing for nearly a decade with little sign of easing. From 2017 to the end of 2018, losses through card fraud in the UK increased by 19% – costing businesses around 760 million euros. [1]

Merchants increasingly face a delicate balance between ensuring customer security and convenience, while minimising fraud and friction.

Strong Customer Authentication (SCA) has been introduced to help combat fraud by improving customer security whilst reducing the liability held against businesses for unauthorised transactions. It makes payments more secure for both your business and your customer by adding an extra layer of protection known as two-factor authentication (2FA). [1]

SCA applies to card-based e-commerce transactions (including digital wallets backed by cards) where both the card issuer (i.e. financial institution with whom the cardholder has a relationship) and the acquirer (i.e. financial institution with whom the merchant has a relationship) both reside within the European Economic Area.

How will the shopper be authenticated?

When SCA comes into effect, customers will be required to provide at least two of the following forms of identification when making a payment:

- Something you know: Password, Passphrase, PIN, Sequence, Secret fact
- Something you own: Mobile phone, Wearable device, Smart card, Token
- Something you are: Retina scan, Fingerprint, Voice pattern, Facial recognition

The expectation is for all e-commerce transactions to be processed via secured industry protocol such as 3D Secure by September 2021 (with some exemptions, see ‘Exemptions’ section within this guide).

Implementation period

Strong Customer Authentication was due to come into force on 14 September 2019. The Financial Conduct Authority (FCA) has recognised the complexity and challenges of implementing this directive within the payments environment and has extended its original deadline, giving UK businesses, banks, and online account providers more time to implement the tools and processes for compliance.

The current 3D Secure implementation will continue to be supported until the end of 2020, at which time 3DSv2 becomes mandatory worldwide. The new deadline for e-commerce compliance in Europe is 31 December 2020. In the UK, the new deadline for e-commerce compliance is 14 September 2021.

3DSv2 functionality is now available to Opayo customers on our test and live environments, giving merchants an early opportunity to test how best to incorporate SCA compliance together with an improved user experience at checkout. As we approach the implementation period, we strongly recommend that merchants take the necessary steps to activate 3D Secure to avoid any impact to transactions as the ramp up begins.

SCA Timeline

[Timeline figure. Entries that can be matched to a date:]

- 01 January 2020: Visa start pan key transactions and non-chip enablement fees
- 01 July 2020: Mastercard issuers live on EMV 3DS 2.1
- 16 October 2020: Acquirer’s recommended date for gateways and EMV 3DS service providers to be certified for EMV 3DS 2.2
- 31 December 2020: EU enforcement begins
- 14 September 2021: UK enforcement begins

[Other entries in the figure: Engagement with providers; Visa issuers live on EMV 3DS 2.1; Visa start tracking issuer SCA (remainder not legible); Visa issuers live on EMV 3DS 2.2; Compliance. Other dates in the figure: 01 February 2020, March 2020, 14 September 2020.]

EMV 3D Secure

EMV 3D Secure is the standard protocol for SCA when accepting payments over the internet. It helps to reduce fraud and cart abandonment, whilst seamlessly supplementing existing data with additional information.

Supported by EMV 3D Secure 2.1 and 2.2:

- SCA for connected devices and web purchases
- Non-payment authentication scenarios, such as payment card on-boarding to merchant apps

Supported by EMV 3D Secure 2.2 only:

- Provides for all available SCA exemption types
- Europe-specific scenarios in support of PSD2, such as trusted beneficiary and delegated authentication
- Biometric consumer user experience

Upgrading to the latest version will allow you more flexibility as the merchant. This will also provide you with the traditional shift in liability expected when EMV 3D Secure is activated.

How will SCA affect the customer payment journey?

Today, payments are typically authenticated using 3DSv1 (sometimes known as Verified by Visa, Mastercard SecureCode, Amex SafeKey, Diners ProtectBuy, and JCB J-Secure) where the customer is asked to provide additional authentication data such as a password or an SMS verification code.

[Flow diagram: Cardholder, Merchant, 3D Secure Program, Issuer]

01. The cardholder enters account details.
02. The merchant’s 3D Secure service provider packages the message with transaction data and delivers it to the issuer via authentication request.
03. The issuer’s 3D Secure service provider determines the transaction risk and may prompt the cardholder to verify their identity, i.e. with a one-time password.
04. The issuer sends the authentication result to Opayo.
05. Opayo submits transaction for authorisation with a flag indicating the authentication result.

Risk assessment:

- High risk: typically 5% of transactions
- Low risk: 95% requires no additional customer verification

From March 2020, UK card issuers and/or acquirers will begin to gradually step up payments, requesting for 3D Secure to be performed with two-factor authentication (2FA). When 3DSv2 is used, around 90% to 95% of authentication requests will result in a frictionless authentication, where the customer doesn’t even realise that authentication has taken place.

Contactless card machine transactions will be subject to new rules. Card issuers are required to prompt the Cardholder to perform a Chip and PIN transaction each time their cumulative contactless spend reaches 150 since their last Chip and PIN transaction.

Benefits of upgrading to the latest version of 3D Secure

During a 3D Secure authentication, how the authentication is performed is up to the card issuer. It’s possible to achieve SCA with 3DSv1; however, 3DSv2 makes this much easier.

Opayo’s upgrade to 3DSv2 introduces a better user experience:

- Added security and protection for your business and your customers
- Increased cardholder confidence when transacting with your business
- Reduced fraud and chargebacks - liability shifts to the card issuer
- Frictionless challenges, e.g. biometric authentication using a fingerprint, facial or voice recognition
- Improved risk-based decisions using rich cardholder data leading to higher approval rates
- Full support for all available exemption types and payment device types

When 3DSv2 is enabled, it is estimated that only 5% to 10% of authentications will result in the cardholder having to be re-directed to their bank’s 3D Secure page to enter 2FA. Most authentication requests will result in a frictionless authentication with an authorisation rate of up to 90%. What’s more, liability for unauthorised transactions passes to the card issuer, saving you time and money on potential disputes.

Activating 3D Secure

The first step to achieving SCA compliance is to activate 3D Secure within your MyOpayo account. Find out how to do this here.

Your integration type determines if you need to make any further changes to support 3DSv2:

- Form – No change. Fully supports 3DSv1 and 3DSv2
- Server – No change. Fully supports 3DSv1 and 3DSv2
- Direct – Fully supports 3DSv1. An extra 9 fields need to be submitted for 3DSv2
- Pi – Fully supports 3DSv1. An extra 8 fields need to be submitted for 3DSv2

Testing

If you are using the Direct integration method, please look at chapter 6 of the draft Protocol 4.00 guide entitled ‘Testing’ found here.

For Form and Server integrations, there is no change with the payment flow or with request and responses that you will submit to and receive from Opayo. You can, if you choose to, try some of the magic values that are shown in chapter 6 of the above guide to see the difference between the frictionless and challenge flows.

For the Direct integration method, the technical documentation can be found here.

For the Pi integration method, the technical documentation can be found here.

How do I know what integration I am on?

If you don’t know which integration your website uses, you can find this on MyOpayo by clicking on any successful payment, then choose Additional Details from the left menu. You will see the integration in the System Used field.

SCA Exemptions

Once your acquirer has advised of suitable exemptions for your business model, you can request an exemption on a per-transaction basis when submitting your transaction request to Opayo. If you choose to use an exemption, any chargeback liability is passed to you for the transaction. The card issuer may not always agree with your exemption. In this instance, they may return a ‘soft decline’ and request that 2FA is performed.

Trusted beneficiaries

Card issuers will allow your customer to add you as a trusted beneficiary, either during 2FA, or when they log into their card account. Once they have added you as a trusted beneficiary, you can apply for this exemption so that this applies every time they shop with you.

Recurring transactions or subscriptions

After initial set-up, a subscription or membership fee consisting of repeat payments of the same amount to the same payee, i.e. direct debit, will be exempt from authentication. Since your customer is off-session when a recurring transaction is performed, they cannot be expected to perform an authentication. However, 2FA must be performed for the first transaction of a recurring series, where your customer is in-session.

Trusted Risk Analysis (TRA)

This exemption can be used if you have a low chargeback rate. Typically, between 1 and 13 chargebacks per 10,000 transactions. It varies depending on the transaction amount value up to and including 430 (500). You cannot use this exemption for transaction values over 430 (500).

Overall fraud rates for card payments must not exceed the following thresholds:

- 0.13% to exempt transactions below 90 (100)
- 0.06% to exempt transactions below 215 (250)
- 0.01% to exempt transactions below 430 (500)

Low Value Exemption

Remote transactions up to 30 (or equivalent in other currencies) and contactless transactions up to 50 (or equivalent in other currencies) do not require SCA up to a maximum of five consecutive transactions or a cumulative limit of 100 (150 for contactless). If the cardholder initiates more than five consecutive low value payments, or if the total payments value exceeds 100 (150 for contactless), SCA will be required. Please note that currently, only Visa and Mastercard have released their requirements to support exemptions. The monitoring of the consecutive transactions and cumulative limits will be the responsibility of the issuer.

Delegated Authentication

You can only use this exemption if you have participated in a delegated authentication program with the card schemes, where the card scheme approves delegation of the authentication process to you.

Secure Corporate Payment

If your customer is using a corporate card, that is a lodged corporate card (typically used to book travel for all employees of a company), then this exemption can be used. It cannot be used for personal corporate cards.
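The low value exemption counting described above, sketched as an added illustration; this is not Opayo's or any issuer's code. The `LowValueTracker` class, the `replay` helper, the reset of counters after SCA, and the treatment of amounts as plain numbers in one currency are assumptions.

```python
from dataclasses import dataclass

# Limits as printed in the guide. The guide's currency symbols are not
# available, so amounts are plain numbers in one assumed currency.
LIMITS = {
    "remote":      {"per_txn": 30, "cumulative": 100, "max_consecutive": 5},
    "contactless": {"per_txn": 50, "cumulative": 150, "max_consecutive": 5},
}


@dataclass
class LowValueTracker:
    """Hypothetical issuer-side counter for one card on one channel."""
    channel: str
    count: int = 0       # exempted payments since the last SCA
    total: float = 0.0   # cumulative value of those payments

    def decide(self, amount: float) -> str:
        lim = LIMITS[self.channel]
        if amount > lim["per_txn"]:
            reason = "amount above low-value limit"
        elif self.count + 1 > lim["max_consecutive"]:
            reason = "more than five consecutive low-value payments"
        elif self.total + amount > lim["cumulative"]:
            reason = "cumulative limit exceeded"
        else:
            # Still inside every limit: exempt and keep counting.
            self.count += 1
            self.total += amount
            return "exempt"
        # Assumption: the cardholder completes SCA, which resets both counters.
        self.count, self.total = 0, 0.0
        return "sca_required: " + reason


def replay(channel, amounts):
    """Run a constructed sequence of payment amounts through a fresh tracker."""
    tracker = LowValueTracker(channel)
    return [tracker.decide(a) for a in amounts]


if __name__ == "__main__":
    # Constructed sample: seven remote payments of 10 each.
    for amount, outcome in zip([10] * 7, replay("remote", [10] * 7)):
        print(amount, outcome)
```

A merchant requesting this exemption should still handle a soft decline, since the issuer's counters, not the merchant's, decide the outcome.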

Quorum Business Park, Benton Lane, Newcastle upon Tyne, NE12 8BX
www.opayo.co.uk

ELAVON FINANCIAL SERVICES DAC (UK Branch), trading as Opayo. Registered in England and Wales – Establishment No. BR022122. Registered Office at Level 15 City point One Ropemaker Street, London, EC2Y 9AW.
