May 4, 2022
What is PSD2 Regulation and SCA
The implementation of the EU Payment Services Directive 2 o PSD2 regulation has had a full impact on online operations and activities. From banking and finance to any e-commerce, this European PSD2 directive has laid the foundations for accessing online banking and reinforcing security in electronic payments made within a European market of 500 million users.
Harmonizing the European market makes it possible to standardize the processes related to electronic payments in 28 different countries, assuming an easy, simple, and unique way for companies, both European and international, to implement it and to be able to offer their products and services without difficulties and with security. This is possible thanks to the introduction of PSD2 Strong Customer Authentication (or PSD2 SCA).
Therefore, PSD2 compliance means having to apply Strong Customer Authentication in every KYC process.
Discover here all the details about PSD2 SCA (Strong Customer Authentication).
PSD2 MEANING: WHY PSD2 COMPLIANCE IS IMPORTANT?
PSD2 Regulation (EU Directive 2015/2366) was approved by the European Commission to replace the previous law PSD, which laid the foundations to regulate electronic transactions related to payments. It was born because of the penetration of the market by new 100% digital players, such as Fintech, and given the need for higher levels of transparency regarding online activities.
The PSD2 regulation implements new requirements that pretend to ensure transparency and fraud prevention. European Commission PSD2 requirements achieve this by creating a single market for online payments throughout Europe, easy to implement for both European and international companies and that offers the best security guarantees to users.
Thanks to AML5 and eIDAS, companies can access a homogeneous market of 500 million users. Download our whitepaper here for free.
Therefore, the PSD2 regulation introduces important requirements regarding the security of payments and modifies the responsibility in cases of theft and fraud prevention in addition to mitigating risks by minimizing the number of necessary actors during the KYC processes.
With PSD2 compliance, the Payment Services (TTPS) now see their operating conditions improved concerning the rest of the players, which increases transparency and optimizes payment processes.
WHAT IS PSD2 SCA (PSD2 STRONG CUSTOMER AUTHENTICATION)?
As we have been anticipating, the two key points of the PSD2 regulation are the reinforcement of the security of online operations and the innovation and optimization of the processes. That is why, on many occasions, the PSD2 directive is compared to the GDPR in terms of data including what PSD2 regulation comes to contribute in.
The use of identity verification processes is standardised to corroborate that a client is who they claim to be, thus extending the already known KYC (Know Your Customer) process in the financial sector with the introduction of the SCA (Strong Customer Authentication) concept.
PSD2 SCA means getting to know the identity of the client in a legitimate way and with guarantees. That is why in the new PSD2, strong customer authentication is mandatory for many industries, where banking and finance stand out, due to AML (Anti-Money Laundering) protocols and their own needs given the nature of their activities. Here is when the eKYC (electronic Know Your Customer) new technologies and solutions merge with the requirements proposed by PSD2 for secure online payments.
Contact eID through this form and an expert will advise you on PSD2 and SCA standards.
FACIAL BIOMETRICS IN PSD2 SCA FOR FRAUD PREVENTION
Identity verification processes within the PSD2 directive for payments and other types of online activities can be carried out in different ways. However, not every way rigorously meets the security and technical needs and PSD2 requirements needed to effectively identify users and reduce fraud risks to zero.
This is where facial biometrics come into play, such as SCA (Strong Customer Authentication) and 2FA (Two-Factor Authentication), to provide payments with the adequate security level required by PSD2 regulation.
The facial recognition system records the biometric pattern of the person that wants to be identified creating an unambiguous mathematical model that is associated with the identity of the user. Solutions such as VideoID include dozens of real-time video checks thanks to the latest AI and machine learning to eliminate the risk of impersonation through images or deepfakes, from live smiles to depth detection.
Learn all the details about facial recognition.
The identity verification process through live facial recognition with video identification does comply with the PSD2 requirements for SCA processes, unlike the methods that use static images or selfies, which do not guarantee adequate security.
PSD2 CERTIFICATION FOR COMPANIES
With PSD, electronic businesses had to make a call to a series of intermediaries that connected them with the means of payment (PayPal, Visa, Mastercard…) to later perform the payment. Thanks to the PSD2 regulation and SCA, the client himself can authorize the online store or company to execute the payment on their behalf.
This update introduces a new process in which e-commerce and the bank are connected through an API. This significantly improves the security of the process and avoids any intermediate steps, guaranteeing more privacy for the user, protecting their data, and being able to carry out the eKYC process on the web or app with PSD2 SCA, which means a reinforced authentication that prevents fraud.
This change in the processes led to the birth of PISP (Payment Initiation Service Provider) and AISP (Account Information Service Provider) services. The first type of application acts as an intermediary between the financial institution or bank and the electronic store, while the second one focuses on platforms to store the data of users’ financial products and services.
Schedule an appointment here and access 508 million users thanks to the European standardization of customer onboarding.
HOW PSD2 IMPROVES FRAUD PREVENTION? PSD2 PAYMENTS
Thanks to PSD2, as we have been discussing, security controls that prevent online fraud such as identity theft are introduced. This way, it is impractical (and extremely difficult) for a possible offender to carry out operations on others’ behalf and access the contracted products and services.
The security requirements introduced by the PSD2 directive block unauthorized online payments and prevent the use of a stolen credit card thanks to SCA double-factor authentication procedures. Identity verification parameters such as fingerprint, iris, or facial patterns are inaccessible to digital criminals.
Moreover, the terms of liability have also changed with European Commission PSD2 compliance. Now, the user will only be responsible for unauthorized payments up to 50 euros, compared to the 150 of the previous directive, being the company the one that will have to face the defrauded amount.
eID, COMPREHENSIVE SOLUTIONS FOR PSD2 COMPLIANCE
Electronic IDentification, RegTech 2022 company, is a Qualified eTrust Services Provider expert in regulations associated with online user-organization relationships, such as PSD2. With extensive experience in the Fintech area, develops comprehensive solutions for all technology and regulatory compliance needs so that companies and institutions can offer an agile, simple, and safe user experience.
eIDAS, PSD2, KYC, and AML have transformed the market, not only in Europe but also at an international level, so that businesses can optimize their processes, drive their growth and expansion, and develop and acquire customers like never before.
Discover a variety of applicable use cases that strictly comply with eIDAS, PSD2, SCA, AML, and electronic signature processes.