Payment Services Directive 2 (PSD2) is a prime example.
What Is PSD2?
The European Banking Authority (EBA) has launched PSD2 to create safer and more innovative European payments—particularly online and mobile payments. PSD2 requires EU-based payment service providers (PSPs) to implement Strong Customer Authentication (SCA) on most instances where customers access an online portal or direct payments.
When Does PSD2 Start?
The original PSD2 launch date was September 14, 2019. The EBA has since recommended additional time for PSPs to become compliant with a new deadline of December 31, 2020. The UK’s Financial Conduct Authority has also given online merchants more time to comply with SCA requirements. The new UK date is March 2021.
What Is SCA?
SCA stands for Strong Customer Authentication. SCA serves to reduce fraud and make online payments more secure by requiring additional authentication during the checkout process. Specifically, SCA is required when the physical credit card is not present and the transaction amount is over €30. In these instances, customers must prove two of three possible elements to complete a transaction:
- knowledge, something they know (PIN code, password)
- possession, something they have (digital signature, one-time-password)
- inherence, something they are (fingerprint, face recognition)
Certain exemptions apply, with the more common being low value and low risk transactions, subscription or recurring transactions, whitelisted merchants, mail order or telephone orders, and B2B transactions.
Added Security Measures through Dynamic Linking
PSD2 also requires the dynamic linking of an authentication token (such as a PIN code) to the specific amount and payee of the transaction. If the amount or payee is changed, the authentication token will no longer be valid and a new token must be generated.
The Value of SMS and TTS in PSD2 Compliance
SMS and TTS are important tools to send and receive unique codes that meet the dynamic linking requirement. Their importance extends to convenience and availability—two key factors for acceptance and usage. Not everyone has the latest-greatest mobile device to read a fingerprint, scan a face, or even download the appropriate app. But everyone with a mobile device has the ability to receive a text message and phone call. And through the power of our platform, Vonage terminates calls to over 225 countries for all kinds of companies with global applications—including the success stories of Vinted and Remitly.
Vonage APIs Make Authentication as Simple as Sending an SMS or TTS
The Vonage Verify API is a great solution to meet the dynamic linking requirement within PSD2. That’s because Verify allows PSPs to produce a code through two-factor authentication (2FA) that includes both the amount and payee. The relationship of the code, amount, and payee are all unique—a dynamic linking mandatory—when generated through Verify in a single 2FA attempt. PSPs must ensure that the code has not changed, whether internally or through a third-party attempt. Any change to the code invalidates the payment.
Using Verify PSD2 use cases is simple. Businesses just have to forward the phone number they want to authenticate to the Verify API, including the payee and amount of the transaction—and Vonage takes care of the rest and sends the code through SMS. Verify also provides failover. In the event the SMS is not sent, Verify automates the retry through TTS and other channels.
Efficiencies and Savings
Businesses have their unique needs, requirements, and budgets. That’s why Vonage Verify API customers only pay conversion fees for successful conversions (SMS and TTS rates for attempts still apply).
Vonage Helps You Find a Balance
You always seek to deliver positive customer experiences. But when it comes to online payments, it’s a constant balance of security and accessibility. If the process is secure but cumbersome—you could alienate your customers. Make it easy to use at the cost of security—and you open yourself to fraud. Vonage strikes the balance of security and accessibility, and helps your business establish and maintain strong compliance with PSD2 requirements.
To learn more about Vonage 2FA solutions, please visit our Verify API page.
And don’t forget to check out this exclusive whitepaper on “Strong Customer Authentication (SCA).”