Strong Customer Authentication (SCA) is Coming - Is Your Merchant Payment Services Process Compliant?
14 Jun 2019
Strong Customer Authentication (SCA) is Coming - Is Your Merchant Payment Services Process Compliant
Share this article:
Rate this article:
Contactless goes “unattended” for the first time at an outdoor location in Cyprus. It was also only a matter of time for a country like Cyprus to take the next step, say the payment solutions provider industry. Digital transformation of card transactions on a global scale is advancing rapidly and in Cyprus, a secure ‘omni-channel’ solutions supplier, such as Six payment services is already in place to help merchants escalate their business.
At the start of June, it was announced that acceptance of contactless cards was launched at RCB Bank’s self-service terminals installed at the Limassol Marina multi-storey car park. A spokesman for Mastercard in Greece, Cyprus & Malta says that the Cyprus consumer will “achieve best possible payment experience” and are looking ahead to “new project initiatives”.
Advances in merchant payment services continue to spread across the EU, bringing change to everyday card transactions in many consumer sectors. Stringent measures to prevent card / identity fraud always plays a key part in all developments. The European Payment Service Directive (PSD2) regulations came into force in January 2018, aimed at “protecting consumer rights, strengthening security and integrating payments across markets”.
All European merchants will have to comply
Under Regulatory Technical Standards (RTS), enhanced security protection levels have been created by the European Banking Authority (EBA). The critical element will be a legal requirement for Strong Customer Authentication (SCA) to be performed for electronic payments, which will come into force on the 14th September 2019.
SCA will apply to all forms of electronic payment performed with a card issued by a European card issuer including, bank and card payments, eCommerce, mobile, remote, contactless and face-to-face. The regulation will apply to the European Economic Area (EEA), which includes all 28 EU countries plus Norway, Iceland, Liechtenstein and the UK, and means all European merchants will have to comply.
Authentication applies to each customer and transaction
Under the new law, “two-factor” authentication at least, is required to prove that payment is being made by a genuine cardholder before any funds are authorised and the transfer is carried out. The law requires card issuers and acquirers to ensure that SCA has been performed, and merchants will be required to update their business processes and systems to ensure SCA is supported. The authentication applies to each customer and transaction, ‘dynamically’ linking the payment amount to the merchant transaction.
The September deadline, which will not be changed, is fast approaching. Merchants are being advised not to ignore their obligation or “wait to see what happens” and ensure their payment process is compliant with the SCA requirement. There is some indication that many retailers and other merchants are unaware or have limited understanding of the changes required under SCA.