Ingenico helps with SCA
Chris Hamblin, Editor, London, 2 June 2020
Ingenico Group, the digital payments software vendor, is marketing a new 'accelerator suite' which is designed to help banks' online businesses with the implementation of Strong Customer Authentication (SCA) before the British Financial Conduct Authority's deadline of 31 December.
The deadline for the advent of the SCA part of the European Union's second Payment Services Directive (PSD2) was originally 14 September last year. In August of that year, the FCA decided to put the implementation of that directive 'on hold' for 18 months. The European Banking Authority, presumably on behalf of all the countries that are not leaving the European Union, eventually plumped for the same date. The UK has already spearheaded the directive's 'open banking' initiative, while other EU countries have struggled.
Ingenico's suite of SCA software will manage transactions on behalf of Ingenico’s customers and includes features such as the following.
- Authentication routing, data collection and the 'streamlining' of the mobile user's experience.
- Automatic step-up. For issuers, transactions will be submitted through 3D Secure and then resubmitted for authorisation without any effect on the merchants.
- Automatic fallback. If 3DS v2 is not available, a transaction will automatically be resubmitted to an earlier version.
- SmartComply. This determines whether SCA is required or should be skipped.
- AutoExempt. This automatically selects and uses the best exemptions, depending on the nature of the transaction being processed and issuer/acquirer performance.
Before the end of the year, Ingenico is urging financial firms with online businesses to take time to monitor the performance of 3DS vv2.1 and 2.2 by testing the latest version, the better to find out how and where to make improvements.
Strong Customer Authentication, according to PSD2, ought to ensure that transactions are authenticated using two or more of the following.
- Knowledge. This should include something that only the user knows, such as a password, a personal identification number or an ID number).
- Ownership. This should centre on something that only the user possesses (e.g. mobile device, token, smart card).
- 'Inherence.' This is something that only the user 'is.' Inherence includes his fingerprints, his face and his voice and depends on software to verify them.
PSD2 calls for the use of dynamic links (between the amounts of the transactions and the account numbers of payees) for remote payments.