Understanding Strong Customer Authentication (SCA) for Online Payments in Ireland

Slide Note
Embed
Share

The Irish Retail Payments Forum at the Central Bank of Ireland discusses the implementation of Strong Customer Authentication (SCA) under PSD2 regulations. SCA aims to enhance security by validating user identity through two-factor authentication. The deadline for full SCA migration is set for December 31, 2020, with specific requirements for online transactions. Market uncertainty and revised migration deadlines have shaped the preparation process for SCA compliance.


Uploaded on Oct 02, 2024 | 0 Views


Download Presentation

Please find below an Image/Link to download the presentation.

The content on the website is provided AS IS for your information and personal use only. It may not be sold, licensed, or shared on other websites without obtaining consent from the author. Download presentation by click this link. If you encounter any issues during the download, it is possible that the publisher has removed the file from their server.

E N D

Presentation Transcript


  1. Irish Retail Payments Forum Central Bank of Ireland - RESTRICTED

  2. PSD2 Strong Customer Authentication Barry Harrington Central Bank of Ireland Central Bank of Ireland - RESTRICTED

  3. 3 Background EU Commission developed the Directive - Directive 2015/2366/EU (or PSD2) PSD2 transposed into Irish national law on 13 January 2018 Payment Services Regulations (PSR) The Regulatory Technical Standards on Strong Customer Authentication (RTS on SCA) entry into force 14 September 2019. Central Bank of Ireland - RESTRICTED

  4. 4 Strong Customer Authentication (SCA) Full migration to SCA deadline is 31 December 2020 The EBA developed the Regulatory Technical Standards (RTS) on SCA It was published in June 2017. While PSD2 came into effect in January 2018, the effective date of the RTS on SCA was deferred until September 14 2019. This was to allow industry more time to prepare for what is a large and complex change. The overall purpose of SCA is to contribute to reducing fraud for online payments. SCA is a process that validates the identity of the user of a payment service or of the payment transaction. Based on the use of a process known as two-factor authentication . Central Bank of Ireland - RESTRICTED

  5. 5 SCA How it works A payment service provider must apply strong customer authentication where a payer - accesses its payment account online, initiates an electronic payment transaction, or carries out any action through a remote channel which may imply a risk of payment fraud or other abuses. Two or more elements of the following must be used to validate the user: knowledge (something only the user knows, e.g. a password or PIN), possession (something only the user possesses, e.g., authentication code generating device), inherence (something only the user is, e.g., fingerprint or voice recognition). Plus for remote (primarily online) transactions a unique authentication code which dynamically links the transaction to a specific payee and a specific amount must also apply Central Bank of Ireland - RESTRICTED

  6. 6 SCA Implementation SCA will be applied for online transactions (e-commerce). The RTS, when published in 2017, was deliberately vague on what exactly would qualify as an element of SCA, as it had to be seen as technologically neutral. However, this led to a lot of market uncertainty in how to prepare for SCA and the Sep 14 deadline The EBA released an Opinion in June 2019, 3 months before the SCA deadline, outlining this information, meaning the solution the Irish market, and many others, had been working towards would not be SCA compliant. The EBA released an Opinion in October 2019 setting 31 December 2020 as the revised deadline for migration. Migration plans are required to be submitted by issuing and acquiring PSPs by 31 December 2019. National Competent Authorities require issuing and acquiring PSPs to have completed their migration plans by 31 December 2020. Central Bank of Ireland - RESTRICTED

  7. 7 SCA Migration planning EBA opinion and migration planning requires PSPs to Identify the SCA-compliant authentication approaches Identify what SCA exemptions do you intend offering Explain how users will be enrolled into these authentication approaches Inform PSUs about the SCA-compliant authentication approaches Inform PSUs what exemptions will be utilised Establish educational campaigns as needed Central Bank of Ireland - RESTRICTED

  8. 8 SCA Out of scope Telephone and paper based transactions Payee initiated transactions (Direct Debits) SCA required for initial set up if online Gift cards Outside of EEA transactions Central Bank of Ireland - RESTRICTED

  9. 9 SCA - Exemptions Payment Account Information Contactless transactions Unattended terminals Parking/Transport Trusted Beneficiaries Recurring transactions Standing orders Own account transfers Low value payments Corporate payments Transaction Risk Analysis Central Bank of Ireland - RESTRICTED

  10. 10 SCA key messages EBA opinion sets final migration deadline for SCA ecommerce migration as 31 December 2020. Essential to examine how this will impact on payment processes Talk to your bank and merchant acquirer as soon as possible to examine pathway to compliance Central Bank of Ireland - RESTRICTED

  11. Irish Retail Payments Forum Central Bank of Ireland - RESTRICTED

  12. BREXIT Central Bank of Ireland - RESTRICTED

  13. Irish Retail Payments Forum Central Bank of Ireland - RESTRICTED

Related


More Related Content