1© iovation. All Rights Reserved
PSD2, SCA and the EBA’s Opinion on SCA – Decoded
Angie White
6.1 Billion Devices seen by our network
45 Billion Transactions protected
26 Million Transactions protected per day
16 Million Daily logins protected
4,900 Size of our cybercrime network
69 Million Fraud reports placed by our cybercrime network
35,000 Web Sites and Apps Protected
Key callouts from EBA Opinion on SCA
Some flexibility on the deadline for implementing SCA
The role of 3-D Secure in meeting SCA requirements
Clarity on authentication factors compliant with SCA
PSD2 Strong Customer Authentication
Without the friction
Clarity on SCA compliance
Authentication factors
Inherence
EBA opinion on authentication factors compliant with SCA
Authentication Factor | Compliant
Fingerprint scanning | Yes
Voice recognition | Yes
Vein recognition | Yes
Hand and face geometry | Yes
Retina and iris scanning | Yes
Keystroke dynamics | Yes
Heart rate or body movement pattern | Yes
Angle at which the device is held | Yes
Information transmitted using a communication protocol, such as EMV® 3-D Secure | No
Memorised swiping path | No
Source: EBA-Op-2019-06
Possession
EBA opinion on authentication factors compliant with SCA
Authentication Factor | Compliant
Device possession – OTP | Yes
Device possession – signature (hardware or software token) | Yes
Card or device – QR code scanned from external device | Yes
App or browser – device binding | Yes
Card using a card reader | Yes
Card with possession – dynamic card security code | Yes
App install on the device | No
Card with possession – card details printed on card | No
Card with possession – printed element (e.g. OTP list) | No
Source: EBA-Op-2019-06
Knowledge
EBA opinion on authentication factors compliant with SCA
Authentication Factor | Compliant
Password | Yes
PIN | Yes
Knowledge-based challenge questions | Yes
Passphrase | Yes
Memorised swiping path | Yes
Email address or user name | No
Card details (printed on card) | No
OTP generated by, or received on, a device (hardware or software token generator, SMS OTP) | No
Printed matrix card or OTP list | No
Source: EBA-Op-2019-06
Timeline for implementation
EBA Opinion
“The competent authorities (CA) may decide to work with PSPs and relevant stakeholders, including consumers and merchants, to provide limited additional time to allow issuers to migrate to authentication approaches that are compliant with SCA.”
Source: EBA-Op-2019-06
Supervisory flexibility is available
Under the following conditions
• PSPs have set up a migration plan
• Have agreed to the plan with their CA
• Execute the plan in an expedited manner
3D Secure
EBA Opinion
“… communication protocols such as EMV® 3-D Secure provide a means for merchants to support the use of SCA. The EBA notes that versions 2.0 and newer support a variety of SCA methods, while trying to:
• ensure customer convenience,
• limiting fraud through data sharing and transaction risk analysis,
• and enable the use of exemptions set out in the RTS.
For those reasons, the EBA encourages the use of such communication protocols and expedient onboarding. Older protocols such as EMV® 3-D Secure version 1.0, although supporting the use of SCA, are not fully adapted to PSD2.”
Source: EBA-Op-2019-06
What’s the solution?
Drive authentication decisioning based on risk signals
Maximize exemptions to SCA
Reduce friction for transactions subject to SCA
Meet SCA Requirements of PSD2
e-commerce transactions
• Alternative e-payment methods: Offer non-regulated payment methods
• Transaction risk analysis: Apply transaction risk analysis to filter out low risk transactions
• SCA exemptions: Filter transactions that are exempted from SCA
• Optimize user experience: Optimize the user experience for transactions that require SCA
Source: Aite Group Report “PSD2: Advent of the New Payments Market in Europe”
A layered approach to meeting SCA requirements
Source: Aite Group Report “PSD2: Advent of the New Payments Market in Europe”
Exemptions to SCA
‘Low risk’ transactions can be exempted
Maximize exemptions
Transaction risk analysis
PSD2 Transaction Risk Analysis Requirements
Maximize Exemptions
Transaction risk analysis
Remote card-based payments
Exemption Threshold Value | Reference Fraud Rate % (Remote Card-based Payments)
€500 | <0.01
€250 | 0.01 - 0.06
€100 | 0.06 - 0.13
0 - €30 | Default
Leveraging Transaction Risk Analysis (TRA)
Retaining Control of the Buyer’s Journey
Maximize Exemptions, Reduce Friction, Delight Customers
• Merchants can contractually agree with the acquirer to share the risk of applying TRA exemptions.
• The acquirer can then rely on the risk management systems of the merchant
• Merchants retain greater control over the customer journey
Competitive advantages
The British Retail Consortium estimates that 25 percent to 30 percent
of online purchases may fail when the SCA measures are rolled out.
• One-click Shopping
• Cost Savings
• Improved Experience
*Source: Dailymail.co.uk, Online shopping code for confusion!, PUBLISHED: 16:10 EDT, 30 July 2019
Risk-based consumer authentication
SCA without the friction
Do you need this much assurance? Or this much assurance?
Device-based authentication
[Diagram labels: Login; Account-to-Device Pairing & Risk Evaluation; Match; Grant Access; No Match or Risk Signals; Step-Up; Device Registration; Persistent Session Token; User Access; Customer Access; SUCCESS]
Mobile MFA
Unified, Simplified And Personalized
• Something you KNOW
• Something you HAVE
• Something you ARE
“How can I provide strong, unified authentication for security-conscious customers?”
Through any channel, digital or physical
Omnichannel Authentication
Unified Access for Customers
MOBILE APP / KIOSK / LOYALTY PROGRAM / WEB / CALL CENTER / AUTHENTICATION IN NATIVE APPLICATION
Companies with a strong omnichannel strategy saw an average customer retention rate of 89%
Optimized PSP Customer Journey for PSD2
DEVICE-BASED AUTHENTICATION / DEVICE-BASED REPUTATION / MULTIFACTOR AUTHENTICATION
LOGIN / CUSTOMER SUPPORT / PROCESS PAYMENT / THIRD PARTY ACCESS REQUEST / ADD REGISTERED DEVICE TO ACCOUNT
Solve For: SCA Requirements, Unauthorized Access
Solve For: Account Takeover, Call Center Fraud
Solve For: Customer Friction, Account Takeover
Solve For: SCA Requirements, Prevent Payment Fraud
Solve For: SCA Requirements, Access Control, Account Takeover
Optimized Merchant Customer Journey for PSD2
DEVICE-BASED AUTHENTICATION / DEVICE-BASED REPUTATION / MULTIFACTOR AUTHENTICATION
LOGIN / CALL CENTER / PURCHASE SUBJECT TO SCA / ACCOUNT SETUP / PURCHASE
Solve For: Fraudulent Accounts, Promotions Abuse
Solve For: Account Takeover, Call Center Fraud, Shipping Fraud
Solve For: Account Takeover, Customer Friction
Solve For: SCA Requirements, Promotions Abuse, CNP Fraud, Shipping Fraud, Gift Card Fraud
Solve For: Secure Payments, Promotions Abuse, CNP Fraud, Shipping Fraud
Q&A

Transcript: New from BookNet Canada for 2024: BNC CataList - Tech Forum 2024Transcript: New from BookNet Canada for 2024: BNC CataList - Tech Forum 2024
Transcript: New from BookNet Canada for 2024: BNC CataList - Tech Forum 2024BookNet Canada
 
DSPy a system for AI to Write Prompts and Do Fine Tuning
DSPy a system for AI to Write Prompts and Do Fine TuningDSPy a system for AI to Write Prompts and Do Fine Tuning
DSPy a system for AI to Write Prompts and Do Fine TuningLars Bell
 
TeamStation AI System Report LATAM IT Salaries 2024
TeamStation AI System Report LATAM IT Salaries 2024TeamStation AI System Report LATAM IT Salaries 2024
TeamStation AI System Report LATAM IT Salaries 2024Lonnie McRorey
 
SALESFORCE EDUCATION CLOUD | FEXLE SERVICES
SALESFORCE EDUCATION CLOUD | FEXLE SERVICESSALESFORCE EDUCATION CLOUD | FEXLE SERVICES
SALESFORCE EDUCATION CLOUD | FEXLE SERVICESmohitsingh558521
 
WordPress Websites for Engineers: Elevate Your Brand
WordPress Websites for Engineers: Elevate Your BrandWordPress Websites for Engineers: Elevate Your Brand
WordPress Websites for Engineers: Elevate Your Brandgvaughan
 
The Fit for Passkeys for Employee and Consumer Sign-ins: FIDO Paris Seminar.pptx
The Fit for Passkeys for Employee and Consumer Sign-ins: FIDO Paris Seminar.pptxThe Fit for Passkeys for Employee and Consumer Sign-ins: FIDO Paris Seminar.pptx
The Fit for Passkeys for Employee and Consumer Sign-ins: FIDO Paris Seminar.pptxLoriGlavin3
 

Recently uploaded (20)

Rise of the Machines: Known As Drones...
Rise of the Machines: Known As Drones...Rise of the Machines: Known As Drones...
Rise of the Machines: Known As Drones...
 
The State of Passkeys with FIDO Alliance.pptx
The State of Passkeys with FIDO Alliance.pptxThe State of Passkeys with FIDO Alliance.pptx
The State of Passkeys with FIDO Alliance.pptx
 
New from BookNet Canada for 2024: Loan Stars - Tech Forum 2024
New from BookNet Canada for 2024: Loan Stars - Tech Forum 2024New from BookNet Canada for 2024: Loan Stars - Tech Forum 2024
New from BookNet Canada for 2024: Loan Stars - Tech Forum 2024
 
Nell’iperspazio con Rocket: il Framework Web di Rust!
Nell’iperspazio con Rocket: il Framework Web di Rust!Nell’iperspazio con Rocket: il Framework Web di Rust!
Nell’iperspazio con Rocket: il Framework Web di Rust!
 
Digital Identity is Under Attack: FIDO Paris Seminar.pptx
Digital Identity is Under Attack: FIDO Paris Seminar.pptxDigital Identity is Under Attack: FIDO Paris Seminar.pptx
Digital Identity is Under Attack: FIDO Paris Seminar.pptx
 
A Deep Dive on Passkeys: FIDO Paris Seminar.pptx
A Deep Dive on Passkeys: FIDO Paris Seminar.pptxA Deep Dive on Passkeys: FIDO Paris Seminar.pptx
A Deep Dive on Passkeys: FIDO Paris Seminar.pptx
 
Transcript: New from BookNet Canada for 2024: Loan Stars - Tech Forum 2024
Transcript: New from BookNet Canada for 2024: Loan Stars - Tech Forum 2024Transcript: New from BookNet Canada for 2024: Loan Stars - Tech Forum 2024
Transcript: New from BookNet Canada for 2024: Loan Stars - Tech Forum 2024
 
A Journey Into the Emotions of Software Developers
A Journey Into the Emotions of Software DevelopersA Journey Into the Emotions of Software Developers
A Journey Into the Emotions of Software Developers
 
What is Artificial Intelligence?????????
What is Artificial Intelligence?????????What is Artificial Intelligence?????????
What is Artificial Intelligence?????????
 
Generative AI for Technical Writer or Information Developers
Generative AI for Technical Writer or Information DevelopersGenerative AI for Technical Writer or Information Developers
Generative AI for Technical Writer or Information Developers
 
How AI, OpenAI, and ChatGPT impact business and software.
How AI, OpenAI, and ChatGPT impact business and software.How AI, OpenAI, and ChatGPT impact business and software.
How AI, OpenAI, and ChatGPT impact business and software.
 
Tampa BSides - Chef's Tour of Microsoft Security Adoption Framework (SAF)
Tampa BSides - Chef's Tour of Microsoft Security Adoption Framework (SAF)Tampa BSides - Chef's Tour of Microsoft Security Adoption Framework (SAF)
Tampa BSides - Chef's Tour of Microsoft Security Adoption Framework (SAF)
 
Gen AI in Business - Global Trends Report 2024.pdf
Gen AI in Business - Global Trends Report 2024.pdfGen AI in Business - Global Trends Report 2024.pdf
Gen AI in Business - Global Trends Report 2024.pdf
 
DevEX - reference for building teams, processes, and platforms
DevEX - reference for building teams, processes, and platformsDevEX - reference for building teams, processes, and platforms
DevEX - reference for building teams, processes, and platforms
 
Transcript: New from BookNet Canada for 2024: BNC CataList - Tech Forum 2024
Transcript: New from BookNet Canada for 2024: BNC CataList - Tech Forum 2024Transcript: New from BookNet Canada for 2024: BNC CataList - Tech Forum 2024
Transcript: New from BookNet Canada for 2024: BNC CataList - Tech Forum 2024
 
DSPy a system for AI to Write Prompts and Do Fine Tuning
DSPy a system for AI to Write Prompts and Do Fine TuningDSPy a system for AI to Write Prompts and Do Fine Tuning
DSPy a system for AI to Write Prompts and Do Fine Tuning
 
TeamStation AI System Report LATAM IT Salaries 2024
TeamStation AI System Report LATAM IT Salaries 2024TeamStation AI System Report LATAM IT Salaries 2024
TeamStation AI System Report LATAM IT Salaries 2024
 
SALESFORCE EDUCATION CLOUD | FEXLE SERVICES
SALESFORCE EDUCATION CLOUD | FEXLE SERVICESSALESFORCE EDUCATION CLOUD | FEXLE SERVICES
SALESFORCE EDUCATION CLOUD | FEXLE SERVICES
 
WordPress Websites for Engineers: Elevate Your Brand
WordPress Websites for Engineers: Elevate Your BrandWordPress Websites for Engineers: Elevate Your Brand
WordPress Websites for Engineers: Elevate Your Brand
 
The Fit for Passkeys for Employee and Consumer Sign-ins: FIDO Paris Seminar.pptx
The Fit for Passkeys for Employee and Consumer Sign-ins: FIDO Paris Seminar.pptxThe Fit for Passkeys for Employee and Consumer Sign-ins: FIDO Paris Seminar.pptx
The Fit for Passkeys for Employee and Consumer Sign-ins: FIDO Paris Seminar.pptx
 

PSD2, SCA and the EBA’s Opinion on SCA – Decoded

  • 1. PSD2, SCA and the EBA’s Opinion on SCA – Decoded. Angie White. © iovation. All Rights Reserved
  • 2. 6.1 Billion Devices seen by our network; 45 Billion Transactions protected; 26 Million Transactions protected per day; 16 Million Daily logins protected; 4,900 Size of our cybercrime network; 69 Million Fraud reports placed by our cybercrime network; 35,000 Web Sites and Apps Protected
  • 3. Key callouts from EBA Opinion on SCA: Some flexibility on the deadline for implementing SCA; The role of 3-D Secure in meeting SCA requirements; Clarity on authentication factors compliant with SCA
  • 4. PSD2 Strong Customer Authentication: Without the friction
  • 5. Clarity on SCA compliance: Authentication factors
  • 6. Inherence: EBA opinion on authentication factors compliant with SCA (Source: EBA-Op-2019-06). Compliant: Fingerprint scanning; Voice recognition; Vein recognition; Hand and face geometry; Retina and iris scanning; Keystroke dynamics; Heart rate or body movement pattern; Angle at which the device is held. Not compliant: Information transmitted using a communication protocol, such as EMV® 3-D Secure; Memorised swiping path
  • 7. Possession: EBA opinion on authentication factors compliant with SCA (Source: EBA-Op-2019-06). Compliant: Device possession – OTP; Device possession – signature (hardware or software token); Card or device – QR code scanned from external device; App or browser – device binding; Card using a card reader; Card with possession – dynamic card security code. Not compliant: App install on the device; Card with possession – card details printed on card; Card with possession – printed element (e.g. OTP list)
  • 8. Knowledge: EBA opinion on authentication factors compliant with SCA (Source: EBA-Op-2019-06). Compliant: Password; PIN; Knowledge-based challenge questions; Passphrase; Memorised swiping path. Not compliant: Email address or user name; Card details (printed on card); OTP generated by, or received on, a device (hardware or software token generator, SMS OTP); Printed matrix card or OTP list
  • 9. Timeline for implementation
  • 10. EBA Opinion: “The competent authorities (CA) may decide to work with PSPs and relevant stakeholders, including consumers and merchants, to provide limited additional time to allow issuers to migrate to authentication approaches that are compliant with SCA.” Source: EBA-Op-2019-06
  • 11. Supervisory flexibility is available under the following conditions: PSPs have set up a migration plan; Have agreed to the plan with their CA; Execute the plan in an expedited manner
  • 12. 3D Secure
  • 13. EBA Opinion: “… communication protocols such as EMV® 3-D Secure provide a means for merchants to support the use of SCA. The EBA notes that versions 2.0 and newer support a variety of SCA methods, while trying to: ensure customer convenience, limiting fraud through data sharing and transaction risk analysis, and enable the use of exemptions set out in the RTS. For those reasons, the EBA encourages the use of such communication protocols and expedient onboarding. Older protocols such as EMV® 3-D Secure version 1.0, although supporting the use of SCA, are not fully adapted to PSD2.” Source: EBA-Op-2019-06
  • 14. What’s the solution?
  • 15. Drive authentication decisioning based on risk signals; Maximize exemptions to SCA; Reduce friction for transactions subject to SCA
  • 16. Meet SCA Requirements of PSD2, starting from e-commerce transactions. Alternative e-payment methods: Offer non-regulated payment methods. Transaction risk analysis: Apply transaction risk analysis to filter out low risk transactions. SCA exemptions: Filter transactions that are exempted from SCA. Optimize user experience: Optimize the user experience for transactions that require SCA. Source: Aite Group Report “PSD2: Advent of the New Payments Market in Europe”
  • 17. A layered approach to meeting SCA requirements. Source: Aite Group Report “PSD2: Advent of the New Payments Market in Europe”
  • 18. Exemptions to SCA: ‘Low risk’ transactions can be exempted
  • 19. Maximize exemptions: Transaction risk analysis
  • 20. Maximize Exemptions: PSD2 Transaction Risk Analysis Requirements
  • 21. Transaction risk analysis: Remote card-based payments. Exemption Threshold Value (Reference Fraud Rate %): €500 (<0.01); €250 (0.01 - 0.06); €100 (0.06 - 0.13); 0 - €30 (Default)
  • 22. Retaining Control of the Buyer’s Journey: Leveraging Transaction Risk Analysis (TRA). Maximize Exemptions; Delight Customers; Reduce Friction. Merchants can contractually agree with the acquirer to share the risk of applying TRA exemptions. The acquirer can then rely on the risk management systems of the merchant. Merchants retain greater control over the customer journey.
  • 23. Competitive advantages: One-click Shopping; Cost Savings; Improved Experience. The British Retail Consortium estimates that 25 percent to 30 percent of online purchases may fail when the SCA measures are rolled out. *Source: Dailymail.co.uk, Online shopping code for confusion!, PUBLISHED: 16:10 EDT, 30 July 2019
  • 24. Risk-based consumer authentication: SCA without the friction
  • 25. Do you need this much assurance? Or this much assurance?
  • 26. Device-based authentication (flow diagram labels): Login; Device Registration; Account-to-Device Pairing & Risk Evaluation; Match: Grant Access; No Match or Risk Signals: Step-Up; Persistent Session Token; SUCCESS; User Access; Customer Access
  • 27. Mobile MFA: Unified, Simplified And Personalized. Something you KNOW; Something you HAVE; Something you ARE
  • 28. “How can I provide strong, unified authentication for security-conscious customers?” Through any channel, digital or physical
  • 29. Omnichannel Authentication: Unified Access for Customers. MOBILE APP; KIOSK; LOYALTY PROGRAM; WEB; CALL CENTER; AUTHENTICATION IN NATIVE APPLICATION. Companies with a strong omnichannel strategy saw an average customer retention rate of 89%
  • 30. Optimized PSP Customer Journey for PSD2. DEVICE-BASED AUTHENTICATION; DEVICE-BASED REPUTATION; MULTIFACTOR AUTHENTICATION. LOGIN; CUSTOMER SUPPORT; PROCESS PAYMENT; THIRD PARTY ACCESS REQUEST; ADD REGISTERED DEVICE TO ACCOUNT. Solve For: SCA Requirements, Unauthorized Access. Solve For: Account Takeover, Call Center Fraud. Solve For: Customer Friction, Account Takeover. Solve For: SCA Requirements, Prevent Payment Fraud. Solve For: SCA Requirements, Access Control, Account Takeover
  • 31. Optimized Merchant Customer Journey for PSD2. DEVICE-BASED AUTHENTICATION; DEVICE-BASED REPUTATION; MULTIFACTOR AUTHENTICATION. LOGIN; CALL CENTER; PURCHASE SUBJECT TO SCA; ACCOUNT SETUP; PURCHASE. Solve For: Fraudulent Accounts, Promotions Abuse. Solve For: Account Takeover, Call Center Fraud, Shipping Fraud. Solve For: Account Takeover, Customer Friction. Solve For: SCA Requirements, Promotions Abuse, CNP Fraud, Shipping Fraud, Gift Card Fraud. Solve For: Secure Payments, Promotions Abuse, CNP Fraud, Shipping Fraud
  • 32. Q&A
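
The factor tables on slides 6 to 8 can be encoded as a policy check. This is an added example, not part of the original deck or any iovation code: the element keys and the `evaluate_sca` function are names chosen here, and the check requires elements from at least two different categories.

```python
# Element -> category it counts toward, following the slide tables
# (Source given on the slides: EBA-Op-2019-06). None = not accepted.
# The lowercase keys are shorthand chosen for this example.
EBA_ELEMENTS = {
    # Inherence
    "fingerprint scanning": "inherence",
    "voice recognition": "inherence",
    "vein recognition": "inherence",
    "hand and face geometry": "inherence",
    "retina and iris scanning": "inherence",
    "keystroke dynamics": "inherence",
    "heart rate or body movement pattern": "inherence",
    "angle at which the device is held": "inherence",
    "emv 3-d secure protocol data": None,
    # Possession
    "otp generated by or received on a device": "possession",
    "device signature": "possession",
    "qr code scanned from external device": "possession",
    "app or browser device binding": "possession",
    "card using a card reader": "possession",
    "dynamic card security code": "possession",
    "app installed on the device": None,
    "card details printed on card": None,
    "printed matrix card or otp list": None,
    # Knowledge
    "password": "knowledge",
    "pin": "knowledge",
    "knowledge-based challenge questions": "knowledge",
    "passphrase": "knowledge",
    "memorised swiping path": "knowledge",  # knowledge, not inherence
    "email address or user name": None,
}


def evaluate_sca(presented):
    """Classify the presented elements and apply the two-category rule.

    Elements the tables reject, and elements not in the tables at all,
    are listed under "rejected" and never count toward a category.
    """
    by_category = {}
    rejected = []
    for element in presented:
        category = EBA_ELEMENTS.get(element.strip().lower())
        if category is None:
            rejected.append(element)
        else:
            by_category.setdefault(category, []).append(element)
    return {
        "compliant": len(by_category) >= 2,
        "categories": sorted(by_category),
        "rejected": rejected,
    }


if __name__ == "__main__":
    # Constructed combinations that show the less obvious outcomes.
    for combo in (
        ["password", "otp generated by or received on a device"],
        ["password", "pin"],  # two elements, one category
        ["card details printed on card", "otp generated by or received on a device"],
    ):
        print(combo, "->", evaluate_sca(combo))
```
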

Editor's Notes

  1. (ALL GEOS)
  2. (US ONLY—BUT DO WE NEED ALTERNATIVE SLIDE FOR EMEA SINCE THEY ARE USING TRUSTEV TO ESTABLISH IDENTITY? CAN THIS SLIDE STAND AS IS FOR EMEA, TOO?) For high-risk transactions like account origination and loan application, iovation can go further than device intelligence to establish identity by verifying the email and phone number provided by the consumer.
  3. Article 4 of the PSD2 (Directive (EU) 2015/2366) defines “Strong Customer Authentication” as authentication based on the use of two or more elements categorised as: Knowledge – something only the user knows; Possession – something only the user possesses; Inherence – something the user is. Independent factors means that the two authentication factors have to be out-of-band, so that the breach of one doesn’t compromise the other. That’s why you have to have at least 2 of the three independent factors. SCA also requires dynamic linking – being able to tie a transaction to a specific amount and payee with a unique authentication code.
  4. *Compliance with SCA requirements is dependent on the specific approach used in the implementation of the elements. 
  5. *Compliance with SCA requirements is dependent on the specific approach used in the implementation of the elements. Possession of a device evidenced by an OTP generated by, or received on, a device (hardware or software token generator, SMS OTP); Possession of a device evidenced by a signature generated by a device (hardware or software token); Card or device evidenced through a QR code (or photo TAN) scanned from an external device; App or browser with possession evidenced by device binding, such as through a security chip embedded into a device or private key linking an app to a device, or the registration of the web browser linking a browser to a device.
  6. *Compliance with SCA requirements is dependent on the specific approach used in the implementation of the elements. 
  7. In an effort to avoid the disruption of online transactions because they do not meet SCA requirements, the EBA has agreed that the competent authorities (CAs) may “decide to work with PSPs and relevant stakeholders, including consumers and merchants, to provide limited additional time to allow issuers to migrate to authentication approaches that are compliant with SCA.” They went on to say, however, that “this supervisory flexibility is available under the condition that PSPs have set up a migration plan, have agreed to the plan with their CA, and execute the plan in an expedited manner.” The EBA stressed that such delays will only be available where payment service providers have agreed a migration plan with the competent authority. It is hoped that this additional supervisory flexibility will help merchants handle the transition. The British Retail Consortium estimates that 25 percent to 30 percent of online purchases may fail when the SCA measures are rolled out.
  8. “… communication protocols such as EMV® 3-D Secure provide a means for merchants to support the use of SCA. The EBA notes that versions 2.0 and newer support a variety of SCA methods, while trying to ensure customer convenience, limiting fraud through data sharing and transaction risk analysis, and enable the use of exemptions set out in the RTS. For those reasons, the EBA encourages the use of such communication protocols and expedient onboarding. Older protocols such as EMV® 3-D Secure version 1.0, although supporting the use of SCA, are not fully adapted to PSD2.”
  9. Transactions that are considered “low risk” can be exempted from the SCA requirement:
  10. Lower fraud rates bring a competitive advantage, because they allow higher exemption amounts and therefore less friction. To be allowed the exemption based on transaction risk analysis, the solution must operate in real time and must verify a transaction against anomalies in user behavior. Check points shall include the following: previous spending patterns of the payer; payment transaction history of the payer; location of the payer and the payee at the time of the payment; previous use of the access device or the software provided to the payment service user for SCA.
  11. To retain control over the buyer’s journey, merchants will need to work cooperatively with payment processors in order to reach the highest exemption thresholds, but this could provide a major competitive advantage on a number of fronts. One-click shopping: being able to expedite payment processing for a higher volume of transactions, i.e. all transactions below €500 vs. only transactions below €30. Cost savings: reduce the overall number of transactions subject to higher-cost SCA checks. Reduced friction: only step up to SCA those transactions above the exemption threshold or with risk signals. Calculation for Reference Fraud Rate %: Total value of successful fraudulent transactions ÷ Total value of all successful transactions (including SCA and exempted).
  12. In a well-designed system you can incorporate risk signals to tailor the level of authentication to the riskiness of the transaction. So for instance if a customer is logging in from a known device and just wants to view their balance, that’s a low-risk transaction. But if the same customer logs in from a new, unknown device and wants to transfer $10,000 out of their account, that’s a much riskier transaction. This is why risk insight is so important. Not only will it allow you to apply the right level of authentication based on risk insight, it’ll also help you create a better user experience.
  13. Device-based authentication isn’t reliant on personal data that has likely been breached, and is very low friction for customers. Refer back to case study.
  14. Omnichannel flexibility: Today, authentication varies by the channel. On the web, customers enter their username and password. They enter the same credentials on your mobile app, but with a tiny, typo-prone keyboard. Imagine a time when every channel will use the same simple authentication method: the user’s device. Across the web, mobile app, streaming service, call center, and even in store.
  15. A recent study found that businesses with the strongest omnichannel customer engagement strategies have an average customer retention rate of 89%, as compared to 33% for companies with weak omnichannel strategies. (source: v12 Data, https://www.v12data.com/blog/25-amazing-omnichannel-statistics-every-marketer-should-know/)
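
The reference fraud rate calculation and exemption bands from slide 21 and the notes above, combined into a step-up decision. This is an added example, not iovation's or any PSP's implementation: the function names, the constructed sample history and the handling of band edges are assumptions, and risk signals are assumed to arrive from an upstream risk engine.

```python
from decimal import Decimal

DEFAULT_THRESHOLD_EUR = Decimal("30")  # "0 - EUR 30: Default" row of slide 21


def reference_fraud_rate_pct(transactions):
    """Reference fraud rate in percent.

    transactions: iterable of (value_eur, is_fraud) covering all successful
    transactions, both those that went through SCA and those exempted.
    """
    total = Decimal("0")
    fraud = Decimal("0")
    for value, is_fraud in transactions:
        total += value
        if is_fraud:
            fraud += value
    if total == 0:
        raise ValueError("no successful transactions to compute a rate from")
    return fraud / total * 100


def exemption_threshold_eur(rate_pct):
    """Map a fraud rate (%) to the exemption threshold value on slide 21.

    Assumption: the slide's bands share their edges (0.06 appears twice),
    so each band's upper edge is treated as inclusive; "<0.01" stays strict.
    """
    if rate_pct < Decimal("0.01"):
        return Decimal("500")
    if rate_pct <= Decimal("0.06"):
        return Decimal("250")
    if rate_pct <= Decimal("0.13"):
        return Decimal("100")
    return DEFAULT_THRESHOLD_EUR


def requires_sca(amount_eur, rate_pct, risk_signals=()):
    """Return (step_up, reasons).

    Step up when the amount is above the exemption threshold or when any
    risk signal is present; otherwise the transaction can be exempted.
    """
    threshold = exemption_threshold_eur(rate_pct)
    reasons = []
    if amount_eur > threshold:
        reasons.append(
            f"amount {amount_eur} exceeds exemption threshold {threshold}"
        )
    reasons.extend(f"risk signal: {signal}" for signal in risk_signals)
    return bool(reasons), reasons


# Constructed sample: 19,990 genuine and 10 fraudulent payments of EUR 50.
SAMPLE_HISTORY = (
    [(Decimal("50.00"), False)] * 19990 + [(Decimal("50.00"), True)] * 10
)

if __name__ == "__main__":
    rate = reference_fraud_rate_pct(SAMPLE_HISTORY)
    print("reference fraud rate %:", rate)
    print("exemption threshold EUR:", exemption_threshold_eur(rate))
    print(requires_sca(Decimal("120"), rate))
    print(requires_sca(Decimal("300"), rate))
    print(requires_sca(Decimal("20"), rate, ["unrecognised device"]))
```
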