New Authy API Features for PSD2-compliant authentication
From 14th September 2019, millions of European consumers will experience a change in the way they complete online payments. A new European banking law, PSD2, will mandate a stronger form of two-factor authentication (2FA) for all online and over-the-phone payments. This extra layer of friction will impact conversion and sales for online businesses.
Twilio has been hard at work to help businesses navigate this massive change and minimize impact. We’ve updated both the Authy API and our free Authy app to help you meet all the requirements of Strong Customer Authentication (SCA) and be PSD2-compliant.
PSD2 introduces authentication requirements that go above and beyond typical 2FA:
- Each authentication code must be specific to the transaction amount and recipient, and
- Both the payment amount and recipient must be made clear to the payer when authenticating.
The Authy API has several methods for completing authentications. Push authentication meets ...
Introducing Verify v2: Phone verification re-built from the ground up.
Confidence in your users’ phone numbers decreases fraud and increases the reliability of communications with them. Twilio’s Verify API is used to verify ownership of 235 million phone numbers each year. With all the delivery and business logic prebuilt, Verify can be implemented in just 2 API calls.
For 2019, Verify has been rebuilt to fully leverage the Twilio platform, resulting in a 300% increase in requests per second (RPS), greater integration with the Console, improved library support, and granular verification logs. We’re excited to announce that this new API, Verify v2, is now in public beta.
- Easily trace and troubleshoot phone verifications using new logs in the Twilio Console, helping you monitor individual verifications on a per-user basis.
- Proactively respond to shifts in verification traffic with metrics that show verification destinations and geographic trends. For example, identifying low success rates in Argentina or South Korea ...
How Twilio Can Help with Strong Customer Authentication in PSD2
This is the second of a three-part series of posts detailing PSD2: Strong Customer Authentication in the EU (SCA).
In the first part of this series, we looked into PSD2’s requirements for dynamic linking, and established that Two-Factor Authentication (2FA) can be used for Strong Customer Authentication (SCA). In this piece, we’ll look at the different types of 2FA you can use with Twilio’s Authy API and how it can help you meet dynamic linking requirements.
Authy is a fully featured authentication API that makes it simple to add 2FA or passwordless login to your applications. It supports One Time Passwords (OTP) sent via voice and SMS, Time-based One Time Passwords (TOTP) generated in the free Authy app or via an SDK, and push authentications via the same Authy app or SDK. This article covers both push authentication and OTP via SMS and voice. TOTP will be ...
Understanding Dynamic Linking in PSD2
This is the first of a series of posts detailing the EU’s PSD2 Strong Customer Authentication (SCA).
Riding on the convenience of same-day delivery and 1-click payments, online purchases are conquering the consumer marketplace. But they face a serious new challenge starting in September 2019, when any card-not-present transaction over 30 Euros will see an increased amount of friction by requiring payer authentication.
The European Banking Authority has issued rules and regulations in the form of the Payment Services Directive 2 (PSD2), a policy that regulates all payment service providers completing a payment in EU member states and applies to businesses around the world. The main goal of PSD2 is to open the payment ecosystem, allowing for new technologies that aim to simplify online payments or transfers. However, another aspect of the policy is to address concerns about rising costs of fraud for online financial transactions by mandating strong ...
Alphanumeric Sender IDs For Improved Authentication and User Verification Security
When using SMS to verify a phone number or for two-factor authentication, it’s essential that the message successfully gets to the intended user, without delay, in order to maximize conversion. However, there are a lot of variables in ensuring reliable and fast delivery of messages globally. Some routes are faster than others, while certain destinations only allow messages from specific kinds of numbers, and carriers will often filter repeated messages, thinking they’re spam.
Because configuring efficient and reliable SMS delivery can be complex, and will likely require constant maintenance, Twilio offers two pre-built APIs, Verify and Authy, which spare developers the hassle of trying to making sure your verification and authentication SMS messages get to their intended recipients quickly and consistently.
As part of our ongoing improvements to these APIs, we are announcing the introduction of AUTHMSG, an Alphanumeric Sender ID, for use in 79 countries, which will ...