Enhanced Security for Payments

What is PSD2?

PSD2 is the English acronym commonly used to refer to the second European Payment Services Directive.

PSD2, applicable since 2018, aims to promote transparency, innovation, and greater security in payment services. In addition to introducing new payment services, it establishes additional security requirements for electronic payment transactions and online account access.

New Security Measures

On September 14, the applicable technical security standards will come into force – Commission Delegated Regulation (EU) 2018/389 (known as RTS on SCA & CSC) – which establishes the obligations for strong customer authentication.

From this date, electronic payment operations must be carried out with strong customer authentication unless an exemption can be applied.

Its implementation will entail some changes in the customer payment experience, not only in online banking and mobile banking applications but also in card payments, for both e-commerce and in-person transactions.

What is Strong Customer Authentication?

Strong Customer Authentication (SCA) is a procedure for verifying customer identity in the electronic environment. In accordance with the new regulations, this identification must include two or more authentication factors from the following categories:

• Possession (something only the user owns)
• Inherence (something the user is)
• Knowledge (something only the user knows)

What does the implementation of strong customer authentication entail?

In practice, electronic payments already have high security levels; however, the application of the new regulations requires that, on occasion, additional authentication elements must be introduced for payments that previously did not require them.

For example, in addition to the usual codes (something the user knows), a code may be sent to a device (something the user possesses), or biometric factors may be introduced (something the user is).

Each bank will individually inform its customers how strong customer authentication will affect banking operations. In this regard, banks are working to ensure that the incorporation of strong customer authentication into these operations strikes an appropriate balance between security and the need for ease of use and accessibility of electronic payments.

Basic Internet Security Tips

The additional requirements will reinforce security in electronic operations; however, it is advisable to remember some basic tips for users of banking services to operate consciously and responsibly:

• Verify that credentials are entered into the bank’s online banking or mobile application, and not into fraudulent portals or applications.
• The bank will never ask for information about security codes and elements for operating through remote channels, whether by phone or email.
• Do not share your online banking, mobile banking, or card passwords with anyone.
• Be cautious and never install programs received via email; only use official websites.
• Do not enter private data on public “Wi-Fi” networks.
• If in doubt, contact your bank.

More information on security measures is available via this link.

Download the document