Implementing PSD2-Compliant Strong Customer Authentication

In 2019, payment service providers in the EU will be required to implement strong customer authentication (SCA) as part of PSD2. This e-book covers critical factors that financial organizations need to understand before these 2FA rules go into effect.

Online transactions will soon face a pressing new challenge: all card-not-present transactions over €30 will require Strong Customer Authentication (SCA), as stated in the European Banking Authority’s Payment Services Directive 2 (PSD2). This new rule will affect all payment service providers, anywhere in the world, who complete a customer transaction made within EU member states.

When this regulation takes effect in September 2019, it will likely lead to an upsurge in the number of payment authentications and will pose numerous hurdles to organizations that process payments for EU residents.

This e-book will help organizations affected by PSD2 better understand and prepare for the coming SCA requirements. It aims to provide the financial community — from FinTech organizations to banks to payment service providers and gateways — with information on the best ways to implement secure and PSD2-compliant customer authentication while keeping customer impact top-of-mind.

Read this e-book to discover:

  • The relationships between strong customer authentication (SCA) mandates, the use of two-factor authentication (2FA), and dynamic linking.
  • The different types of 2FA you can use to meet SCA mandates and PSD2’s dynamic linking requirements.
  • Authentication process diagrams for push authentication, time-based one-time passcodes (TOTP), and one-time passcodes via SMS or voice.
  • New 2FA API features that generate transaction-specific passcodes and display PSD2-compliant payee and amount information even when users are offline.

Short on Time? Here are the key takeaways.

  1. In 2015, the European Banking Authority issued the PSD2 directive to regulate all payment service providers—regardless of where a business is based—when completing payments in EU member states.
  2. In 2019, a core component of the directive will take effect, mandating Strong Customer Authentication (SCA) for all card-not-present transactions above €30.
  3. SCA-level authentications will require that authentication codes be unique to each transaction, and not random (i.e., dynamic linking). When applying SCA during dynamic linking, both the amount and the recipient’s name must be made clear to the payer.
  4. When deciding how to implement SCA, consider the impact on the consumer: get it wrong, and you’ll adversely impact customer purchase flow. Some PSD2 exemptions may be considered to avoid disrupting how consumers, merchants, and payment service providers operate.
  5. Twilio’s Authy API can help payment providers meet dynamic linking requirements by making it simple to add 2FA to their services. Authy supports OTP delivered via SMS and voice, TOTP generated in the free Authy app, and push authentication. Authy 2FA via an SDK is also available.

If you’d like to discuss your current authentication strategy and how Twilio can help, click here to talk to an expert.