The revised Payment Services Directive (PSD2) has applied across the European Union since 2018, and its strong customer authentication requirements became enforceable in September 2019. Since then, banks and third party providers have had to adapt to the new requirements for payment transactions inside Europe.
The main goals are to make online and remote transactions safer and faster and to reduce fraud. With that in mind, it became mandatory to apply a specific set of security measures to electronic payment transactions and to online account access.
More specifically, these measures are covered by what is called strong customer authentication (SCA), which is commonly referred to as two-factor authentication (2FA). SCA is somewhat stricter than generic 2FA: the factors must be independent of each other and, for remote payments, the authentication code must be dynamically linked to the amount and the payee of the transaction.
The two terms, PSD2 authentication and SCA, are often used interchangeably, since they refer to the same set of security measures, but they are not synonyms.
Essentially, strong customer authentication is a set of safety measures that were integrated into PSD2 under its authentication provisions.
The rules that strong customer authentication imposes are clear, easy to follow and easy to monitor.
For a transaction to be validated and to comply with the PSD2 authentication requirements, the provider must verify the customer's identity using at least two independent factors from different categories: something only the customer knows (a password or PIN), something only the customer possesses (a phone, card or hardware token) and something the customer is (a fingerprint or face scan). Independent means that the compromise of one factor must not compromise the other, so a password plus a PIN does not qualify, while a password plus a one-time code delivered to the customer's phone does.
By ensuring that these measures are followed on every transaction, it became possible to greatly reduce the risk of fraud.
Although these regulations must be applied to payments processed in the European Economic Area (EEA), a few exemptions were created to facilitate low-risk transactions. Even when a service provider requests an exemption for a transaction, the final decision always rests with the payer's bank (the issuer), which can deny the exemption and require SCA to be applied.
Most common PSD2 SCA exemptions, as defined in the RTS:
- Low-value remote transactions: single payments up to EUR 30, provided the cumulative amount since the last SCA stays within EUR 100 or no more than five consecutive exempted transactions have been made.
- Contactless payments at the point of sale up to EUR 50, with similar cumulative limits (EUR 150 or five transactions).
- Transaction risk analysis (TRA): remote transactions up to EUR 500, depending on the provider's fraud rate staying below the reference thresholds set in the RTS.
- Trusted beneficiaries: payees the customer has whitelisted with their bank.
- Recurring transactions of the same amount to the same payee, once the first transaction has been authenticated.
- Transfers between accounts held by the same customer at the same bank.
- Unattended terminals for transport fares and parking fees.
- Secure corporate payment processes and protocols.
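The factor-independence rule and the issuer's last word on exemptions are easy to get wrong in practice, so here is an added example (not Nordigen's or PayPal's code) of a toy SCA decision routine. It checks that the presented factors come from two different categories and applies the low-value exemption with the RTS Article 16 thresholds (EUR 30 per transaction, EUR 100 cumulative or five consecutive transactions since the last SCA). The exact counting rule, that both counters include the current transaction, is an assumption made for the example; issuers may track only one of the two counters. The function and class names are invented for illustration.

```python
"""Toy SCA decision routine (added example, not the page's or any provider's code).

Thresholds are the RTS Article 16 low-value limits. Counting both cumulative
counters including the current transaction is a conservative assumption;
issuers may apply the rule differently.
"""
from dataclasses import dataclass
from enum import Enum
from typing import Iterable, List


class Factor(Enum):
    KNOWLEDGE = "knowledge"      # something only the payer knows: password, PIN
    POSSESSION = "possession"    # something only the payer has: phone, card, token
    INHERENCE = "inherence"      # something the payer is: fingerprint, face


def is_strong(factors: Iterable[Factor]) -> bool:
    """SCA needs at least two factors from *different* categories.
    Password + PIN are both 'knowledge' and therefore do not qualify."""
    return len(set(factors)) >= 2


LOW_VALUE_LIMIT = 30.0           # EUR per transaction
CUMULATIVE_AMOUNT_LIMIT = 100.0  # EUR since the last SCA
CUMULATIVE_COUNT_LIMIT = 5       # transactions since the last SCA


@dataclass
class PayerCounters:
    """Per-payer state the issuer keeps between SCA challenges."""
    amount_since_sca: float = 0.0
    count_since_sca: int = 0


def low_value_exemption_applies(amount: float, c: PayerCounters) -> bool:
    """Article 16 low-value exemption. Both cumulative limits are enforced here
    (conservative assumption); a real issuer may track only one of them."""
    if amount > LOW_VALUE_LIMIT:
        return False
    within_amount = c.amount_since_sca + amount <= CUMULATIVE_AMOUNT_LIMIT
    within_count = c.count_since_sca + 1 <= CUMULATIVE_COUNT_LIMIT
    return within_amount and within_count


def decide(amount: float, factors: Iterable[Factor], c: PayerCounters,
           tpp_requests_exemption: bool, issuer_accepts_exemption: bool) -> str:
    """Return 'exempt', 'authenticated' or 'sca_required' and update counters.
    The issuer (payer's bank) has the last word on any exemption request."""
    if (tpp_requests_exemption and issuer_accepts_exemption
            and low_value_exemption_applies(amount, c)):
        c.amount_since_sca += amount
        c.count_since_sca += 1
        return "exempt"
    if is_strong(factors):
        # A successful SCA resets the cumulative counters.
        c.amount_since_sca = 0.0
        c.count_since_sca = 0
        return "authenticated"
    return "sca_required"


def simulate() -> List[str]:
    """Constructed sequence of transactions for one payer (sample data)."""
    c = PayerCounters()
    log = []
    for _ in range(6):  # six EUR 20 purchases, exemption requested each time
        log.append(decide(20.0, [], c, True, True))
    # The sixth was refused (cumulative limit reached); the customer now
    # completes SCA with password + one-time code on their phone.
    log.append(decide(20.0, [Factor.KNOWLEDGE, Factor.POSSESSION], c, True, True))
    # Counters were reset, so the next small purchase is exempt again.
    log.append(decide(20.0, [], c, True, True))
    # The issuer refuses the exemption; password + PIN is not strong enough.
    log.append(decide(5.0, [Factor.KNOWLEDGE, Factor.KNOWLEDGE], c, True, False))
    return log


if __name__ == "__main__":
    for i, outcome in enumerate(simulate(), start=1):
        print(f"transaction {i}: {outcome}")
```

The last transaction is the case practitioners most often miss: an exemption is something the issuer grants, not something the merchant or third party provider can assume, and two factors of the same category do not satisfy SCA even when the amount is tiny.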
To guide and ensure the correct enforcement of strong customer authentication within PSD2, a further set of rules was introduced: the Regulatory Technical Standards, also known as RTS.
These are technical compliance standards that, once adopted by the European Commission, must be met by all parties.
The two pillars of safety under PSD2, strong customer authentication and common and secure open standards of communication, are only lightly described in the directive itself. For that reason, the European Banking Authority drafted, and the European Commission adopted, RTS covering both, so that the safety and privacy of users would be protected.
Being one of the largest online payment platforms in the world, PayPal is frequently asked about its security practices and its measures against fraud. As many of its users perform transactions in Europe, PayPal could not delay the implementation of new procedures to ensure PSD2 compliance.
To highlight the measures implemented, PayPal created a dedicated page on PSD2 and strong customer authentication, explaining to its users what they are and how SCA works within the payment platform.
Essentially, PayPal explained to customers that the new implementation simply adds an extra layer of security when verifying identity. Most of the time users will still be able to log in with only their email and password, but from time to time they may be asked to enter an additional one-time password.