Before the deadline extension, many payment service providers were faced with having to implement SCA in anyform… rather than implementing it as effectively as possible. In order to cope, banks need to have systems in place that are able to assess for fraud at huge volumes and in real time. Visit our stand to find out more about how AI could help you get ready for the deadline. This includes most online shopping transactions. Forter’s Adaptive Authentication capabilities. “Meanwhile, the poor merchant doesn’t know where the card was issued, doesn’t know what to enforce!”, Was Brexit a cause of this? All UK issuing banks, acquirers and gateways will need to continue to work towards technical and operational readiness to support merchants and cardholders at pace. So, we have lots of useful to help you manage this challenge, including FAQs and editorial from the experts in our PSD2 hub. Or download it as an eBook. This potentially leaves payment service providers susceptible to unauthorisedparties potentially gaining access to sensitive and confidential information. Revolut, for instance, offers users several types of travel insurance as well as access to airport lounges as part of its premium service for a monthly subscription. By Erich Gerber, SVP EMEA & APJ, TIBCO Software. Real-time fraud prevention used to be a luxury – but now it’s a must-have. Compliance will require many changes to anti-fraud and customer identification processes. So banks will have to enrich them with additional data on variables including digital identity, reputation and past behaviour. As Deloitte observed: “While many banks are experimenting with digital, most have yet to make consistent, sustained and bold moves toward thorough, technology-enabled transformation.”. It is mandatory to procure user consent prior to running these cookies on your website. However, for the average user, this will have an impact and as we see the adoption of more biometric factors as part of general authentication, it is a boost for ensuring the person doing the purchase is legitimate. This means that active enforcement of SCA will start from January 1 2021 in continental Europe, but will not be enforced in the UK until September 14 of next year. Already known for being the safest place for money, there are opportunities for banks to expand that relationship to other aspects of the customer relationship. Banking is an old sector: the Banca Monte dei Paschi di Siena has its roots in the 15th century and the oldest UK banks go back to the 17th century. In this article, we’ll break down exactly what this extension means for payment service providers, and we’ll also offer a solution to the need for PSD2 compliance. McMurtrie said there are exemptions which will allow the number of authenticated transactions to be reduced, and for low value transactions to be exempt. In this article, I want to provide a critique of the banking sector and its failure to change fundamentally and to modernise. Some base their protection on simple rules and aren’t able to detect fraud in real time or stop transactions in progress. Retail banking is a perfect example to illustrate the yawning chasm between the illusion and the less attractive reality. It might be like finding a needle in a haystack. Surveys show that they want their banks to be responsive, easy to use and available across multiple channels. He said no, as the delays have been caused by the ecosystem not being ready and clarifications on rules and technology being late to be defined, “and this has been going on for months, and the detailed implementation is not ready.”, As for Brexit’s impact, as the transition period will end on January 1, there will be a period between January and September where the UK will not be treated as being in scope. The deadline extension is great news for payment service providers all across the EU, as it offers an increased timeframe to provide customers with a stable, secure and safe form of SCA. Merchant initiated transactions, like recurring subscriptions, would notrequire SCA. The deadline extension should however be seen as more of a ‘grace period’, as payment service providers are still expected to be working towards SCA compliance by September 14th. See if they’ll work for you. The question now is not whether PSD2 compliance should remain at the top of the priority list. Implementing reliable, easy to use, and secure SCA, within the allotted timeline, was beyond the abilities of many payment service providers, especially smaller ones. This conforms to the ‘something a person has’ security requirement, as the customer would need access to their phone or email to gain access to their account. The deadline for the rest of the European Economic Area (EEA) remains 31 December 2020. HSBC Extends open Banking Concept to Trade Finance With Launch Of FirstAPI, By Young Pham, Chief Strategy Officer at CI&T. So what changes have been made in the last year? We all know that retail banking has changed significantly: you can see that in the proliferation of apps and the fact that, in pre-pandemic times, the morning and evening commute are peak times for transactions as people arrange their finances while sitting in trains, buses and subways. routing and more, Maximize approvals and reduce fraud for your merchant - The FCA is strongly encouraging other competent authorities to also consider a delay due to COVID-19. The goal of SCA is to strengthen the security of online transactions, notto disrupt the marketplace by locking payment service providers (and their customers) out of processing online transactions. Necessary cookies are absolutely essential for the website to function properly. To give payment service providers more time to meet new guidelines and to avoid disrupting the marketplace, the, Before the extension, payment service providers would have been required to implement, SCA, at least for now, is only required for online transactions initiated by the consumer. if a third party is involved). For instance, banks could offer everyday services for most users, such as insurance for individuals or business management tools for business accounts. “Although, many issuers will not realize this variance of timings; there will be strange times between January and September where cards are treated differently.”. The bank optimized its competitive standing within the global financial industry, later transforming into an urban banking institution where they reinstated their name as the National Citizens Bank. The National Citizen Bank was initially established as a rural bank in 1995 under the name Bank of Kien River. By Emine Constantin, Global Head of Accoutning and Tax at TMF Group. Therefore, merchants should seek a fraud prevention partner that can both protect their business from fraud and abuse, and help them streamline SCA so that they can maintain full PSD2 compliance without adding unnecessary friction to the customer journey. This refers to biometrics, like fingerprint and facial recognition. [i] The deadline for eCommerce compliance is 31 December 2020 in Europe and 14 September 2021 in the UK. New data flows and new payment systems present possible system back doors and new attack vectors that hackers will be quick to discover. You also have the option to opt-out of these cookies. They have to do much more or they will see a decline in their fortunes due to their bankrupt capacity for innovation and their inflexible infrastructures. This means the banks have a much bigger traffic volume to handle and review for fraud. 3DS the strongest data security protection The 3-D Secure 2 (3DS 2) standard is the global benchmark of card-not-present data authentication. Call Charges: The following is a guide to call charge information from Business landlines within the UK. Whilst PSD2 intends to increase both the security and convenience of the industry, many of the required adjustments are inherent risks for how they change the existing system. However, the extended deadline relates to SCA, and it is by those dates above that any card issuer must decline any transaction if it is not 2FA authenticated. The FCA confirmed the new SCA enforcement date to be 14 September 2021 in the UK. We sat down with Forter GM of EMEA Aaron Begner to discuss how merchants should prepare for enforcement of SCA and what impact it will have on e-commerce in the months and years to come. Namely, one of the most common forms of SCA are one-time passwords (OTPs). This should not be treated as a regulatory challenge, but rather a way to grasp the unique opportunities that banks have to reposition themselves as the most trusted resource for their customers. OTPs are short codes sent to a person's email or mobile phone, after a customer has entered a password or PIN. However, it can also inherently add additional friction to the checkout process and degrade the overall experience consumers have on their site. We use cookies to enhance your visit, personalise our content, social media features, ads & to analyse our traffic. The National Citizen Bank was recognized for its all-inclusive professional working environment and ongoing staff development that enhances its internal communications and employee relations. reseller abuse, Protect from account takeover, account opening fraud and