Digital transactions are quickly becoming the norm, with trillions of dollars crisscrossing the globe via the internet. Securing this fast-growing market is the EU’s Revised Payment Services Directive (PSD2) objective, particularly its Strong Customer Authentication protocols. Payments both domestic and international are already subject to strict authorization requirements, but SCA is another level, requiring a multifactor authentication process that must include two of the three following verifications: A knowledge-based authenticator like a PIN or password, a hardware-based authenticator like an SMS sent to a smartphone or a physical security key and a biometric authenticator like a fingerprint or facial recognition scan.
These stringent authentication requirements could go a long way towards keeping customers safe, but it requires a massive change from banks, merchants and payments processors. The good news is that most of these organizations are making it work. While only 75% of firms said they were ready to meet PSD2’s authentication requirements in 2018, this number has shot up to 99% this year.
In the September Authenticated Payments Report, PYMNTS explores the latest in the world of payments authentication, including how PSD2 and SCA have affected payments authentication, the continuing challenge of implementing compliant authorization systems and customers’ evolving attitudes on balancing payments security and convenience.
Developments From the World of Authenticated Payments
One aspect of PSD2 that many companies are hesitant about is open banking. A recent study found that just 3% of financial services firms said they were ready for PSD2’s open banking regulations, which go into effect in September. The biggest problems with open banking implementation revolve around data protection, with 62% of respondents saying they were having trouble guaranteeing data safety across multiple systems.
An overwhelming reliance on passwords is a major weakness with many existing payments authentication systems, including those for cross-border payments. A recent study found that 90% of organizations plan to continue leveraging passwords for at least the next year, with 18% saying it will take more than five years for them to eliminate passwords and 30% saying they have no plans to replace them at all. These viewpoints prevail despite the known security flaws associated with passwords, with 53% of organizations saying they realize that compromised passwords are a known threat vector.
Customers are quite willing to sacrifice cybersecurity for convenience when it comes to payments authentication. A recent study found that 82% of customers reuse passwords at least some of the time, mainly due to the effort involved in making new ones. Customers’ emphasis on convenience over security extends to 51% of millennials, who said they would prefer to place an order on a potentially unsecured app than place it by phone.
For more on these and other payments authentication news items, download this month’s Tracker.
Why Automation Could be the Key to Streamlining SCA Compliance
Many merchants have found it challenging to comply with PSD2’s SCA requirement, with some spending copious amounts of time implementing multiple avenues of authentication or expressing confusion about possible exemptions. But it might be best to take such variables out of human hands when addressing these issues, said Adam Zamecki, director of sales at online payment platform SecurionPay. In this month’s Feature Story, PYMNTS spoke with Zamecki and sales manager Michael Kalwasinski about how automation could help merchants streamline SCA compliance and implementation before the deadline to do so arrives.
Deep Dive: The Multifaceted Effects PSD2 Brings to Payments Authentication
Payments authentication can be tricky even under the best circumstances, but the looming deadline of PSD2 and its SCA requirements could potentially throw a wrench in merchants’ and payments processors’ gears. Businesses are scrambling to upgrade their authentication systems in time for the new requirements for multifactor authentication. In this month’s Deep Dive, PYMNTS explores how PSD2 and SCA could affect the payments industry and why merchants feel ready to meet these new standards.
About the Report
The Authenticated Payments Report, a PYMNTS and LoginID collaboration, is the go-to monthly resource for updates on trends and changes in payments authentication.