The ongoing PSD2 (Payment Service Provider Directive) requirements surrounding strong customer authentication and the SCA have led to a high abandonment rate for eCommerce in Europe. This is because merchants and issuers have difficulty implementing it due to high costs, lengthy implementation cycles, and vulnerability to fraud.
Merchants, therefore, look for and implement the correct type of SCA and Fraud Prevention Actions for their online activities.
PSD2 Requirement to Strong Customer Authentication
PSD2 falls under articles 6, 7, and 8. Each of these articles requires at least two multi-factor authentications for digital identity verification.
- Something known – a PIN or password
- Something you own – laptop or security key.
- Something you are – fingerprint biometrics or face ID
The second category is found under article 9.3.a, which states that authentication devices must not interact with other authentication methods.
PSD2’s surrounding principle, fido2key, was created to prevent fraud. However, it is also true that not all methods of SCA implementation have the same strength.
Social engineering is a popular way for tech-savvy fraudsters to bypass multi-factor authentication. Online retailers and issuers need to be aware of the weaknesses in their authentication methods to prevent fraudulent activity. To avoid fraudulent activities, almost everyone accessing eCommerce needs robust online identity verification.
There are several ways fraudsters can gain access to multiple bank accounts for a single user. Through social engineering, one can identify through phishing and man-in-the-middle (MITM) attacks.
Another way is through SIM swapping, which happens when an unknown mobile number sends a message about a new SIM card activation which happens to be a fraudster’s number to be used in receiving an OTP that will give access to intercept a SIM.
Avoid fraud by learning more about solid customer authentication for a more secure, private authentication for the future—LoginID.