Point-of-sale: Along with the customer's PIN
Online payment with Payworld is made with the customer's 3D Secure Password.
Other factors that could be considered as possession include:
Mobile phones
Card readers connected to the Internet
Wireless tags
USB authentication devices,
A card reader or authenticator app generates an authentication code. irctc ka agent kaise bane in hindi
There are two main risks associated with using possession factors: theft and replication.
Inherence (Something that the customer is)
Inherence factors can be described as biometric data such as:
Fingerprints irctc ka agent kaise bane in hindi
Voiceprints
Retina scans or Iris
Facial recognition
Keystroke dynamics (a person's unique typing characteristics)
There is a lot to be done in this area, with facial recognition and fingerprint scanning now standard on mobile phones.
Biometric data must be protected with strong security measures as it is highly sensitive.
Exemptions for Strong Customer Authentication
Exemptions for Strong Customer Authentication irctc ka agent kaise bane in hindi
There are many types of transactions that don't require SCA.
If an exemption applies, the customer may make a purchase using one authentication factor and not two or more.
The SCA exemptions can be found between Articles 10-18 in Commission Delegated Regulation 2018/389 (also known by the Regulatory Technical Standards or RTS). irctc ka agent kaise bane in hindi
The retailer is not allowed to determine whether exemptions are applicable. The Payment Service Provider will decide. Retailers need to be aware of these exemptions to optimize their operations and increase the likelihood that payments will be exempt.
When there is friction during the checkout process, customers are more likely to abandon their purchases. Exempted payments that only require one authentication factor are more likely to be completed.
Let's look at the SCA exemptions that can impact retailers taking payments from customers.
Contactless Payments at Point-of-Sale (Article 11).
If the customer makes a contactless payment at the point of sale (not online), then the Payment Service Providers do not have to apply for SCA.
The transaction cannot exceed EUR50
Since the last time SCA was applied, the customer has made contactless payments of EUR150 or less.
The customer has completed five or fewer contactless transactions consecutively since the last application of SCA.
Remote Transactions of Low Value (Article 16).
When a customer makes remote (i.e. All conditions must be met for online transactions:
The transaction is not more than EUR30
Since the last time SCA was applied, the customer has made at least EUR100 via remote transactions.
Since the last application of SCA, the customer has completed five or fewer remote transactions consecutively
Transaction Risk Analysis (Article 18)
SCA is not required for certain transactions that are low-risk.
This exemption is powerful and requires that Payment Services Providers have a strong record of fraud prevention.
The Payment Service Provider must demonstrate that there is a low rate of fraud overall before it can apply for the exemption. This applies to both general fraud and specific transactions.
To establish this, the Payment Services Provider will need to conduct a real-time analysis of risk.
The customer has not made unusual purchases or displayed unusual behavior.
There is no evidence that the customer has used an unusual device or accessed any app.
During the authentication process, there are no signs that a malware infection occurred.
This transaction is not related to fraud that could occur while providing payment services.
The customer isn't in an unusual location.
The payee isn't in a high-risk area.
If a Payment Service Provider has high fraud rates over more than two consecutive quarters, it cannot claim this exemption.
This exemption will encourage competition among Payment Service Providers.
A Payment Service Provider that has a low fraud rate will make it easier for your customers to checkout. You will have a greater chance of being able to use the "transaction risks analysis" exemption.
Direct Debits
SCA does not cover Direct Debits. To set up Direct Debits, a customer doesn't need to be covered by SCA.
Technically, this is not an exclusion. Direct debits are initiated by merchants/retailers and thus fall outside the PSD2's scope.
3D Secure
3D Secure
3D Secure is a 2-Factor authentication method. Many Payment Services Providers offer a version 3D Secure or will start to do so when SCA becomes mandatory.
Different Payment Service Providers may use the 3D Secure Framework under a brand name.
Visa Secure
Mastercard Identity Check
American Express SafeKey
3D Secure 1
Both customers and retailers can opt-out of the first generation 3D Secure, which is in use since 2001.
3D Secure is a frictional feature that customers will experience at checkout. However, it allows them to transfer liability for fraudulent transactions onto the card issuer. Customers can get a refund easily for fraudulent transactions.
To set up 3D Secure, customers must register with their credit card issuer. Customers will be directed to the card issuer's site during checkout to provide additional authentication information.
