What is strong customer authentication really all about?

The European Union has revised the Directive on Payment Services (PSD2) by introducing a Strong Customer Authentication (SCA) requirement for payment service providers (PSPs) within the European Economic Area. The SCA introduces a new form of transaction monitoring on contactless payments. Transaction monitoring is a strategy used by financial institutions, including traditional PSPs and Fintech companies, to monitor how your money is being spent and what it is being spent on, in order to identify and tackle financial crimes such as money laundering and fraud.

Monitoring for and identifying potential financial crime is done by looking at the patterns of expenditure and income on an individual’s account and investigating potential red flags when suspicious activity is identified. Suspicious activity could include large purchases outside of usual expenditure; a large withdrawal or deposit of money; or unusual transactions or transfers. These are all factors that will raise red flags when the account is being monitored. The requirements within the SCA ensure that electronic payments are performed with multi-factor authentication, to increase the security of electronic payments and to enhance the transaction monitoring requirements.

The new EU regulations, which came into force on the 14th of September 2019, have been put in place to strengthen the fight against fraud and financial crime, especially in relation to online transactions and contactless payments.

There was a lot of interest when contactless payment was introduced into the UK in 2007. At first, people were sceptical, but by the first half of 2016 the use of contactless had really picked up, with more contactless payments being made than in the entire previous year. This trend may now go in the opposite direction, as regulations are putting limits on how often a contactless card can be used as a payment method, as well as limits on what can be spent each day via contactless payment. When the daily limit has been reached, or the number of uses or the spending limit has been reached, users are asked to use chip and PIN in order to verify their identity. Part of the new European SCA regulation is to increase the security of payments.

The requirements within the SCA may result in a decrease in the use of contactless payments, with users going back to chip and PIN; however, there may also be an increase in the use of Google Pay and Apple Pay, as they both already conform to the SCA. This could be very good news for Google Pay and Apple Pay, as one in two transactions is made by contactless.

Criticism of the SCA came from Visa in 2016, when it objected to the proposal to make strong customer authentication mandatory on the grounds that it could make online payments more difficult, and thus hurt sales at online retailers.

As technology evolves, criminals are also evolving their tactics to exploit systems in order to launder money and undertake fraudulent activity. Financial institutions and PSPs should undertake regular reviews of their processes and technology to ensure they are adequate to protect against financial crime.

For more information please contact info@lysisfinancial.com


By Alex Arowosekila, Junior Consultant at Lysis Group