The Signicat Blog
PSD2 Regulation and SCA
Thais Guillen

Marketing Manager UK

What is PSD2 Regulation and SCA

The implementation of the EU Payment Services Directive 2 or PSD2 regulation has had a full impact on online operations and activities. From banking and finance to any e-commerce, this European PSD2 directive has laid the foundations for accessing online banking and reinforcing security in electronic payments made within a European market of 500 million users.

Harmonising the European market makes it possible to standardise the processes related to electronic payments in 28 different countries, giving companies, both European and international, an easy, simple, and unique way to implement them and to offer their products and services securely and without difficulties. This is possible thanks to the introduction of PSD2 Strong Customer Authentication (or PSD2 SCA).

Therefore, PSD2 compliance means having to apply Strong Customer Authentication in every KYC process.

PSD2 meaning: Why is PSD2 compliance important?

PSD2 Regulation (EU Directive 2015/2366) was approved by the European Commission to replace the previous law PSD, which laid the foundations to regulate electronic transactions related to payments. It was born because of the penetration of the market by new 100% digital players, such as Fintech, and given the need for higher levels of transparency regarding online activities.

The PSD2 regulation implements new requirements that intend to ensure transparency and fraud prevention. European Commission PSD2 requirements achieve this by creating a single market for online payments throughout Europe, easy to implement for both European and international companies and that offers the best security guarantees to users.

Therefore, the PSD2 regulation introduces important requirements regarding the security of payments and modifies the responsibility in cases of theft and fraud prevention in addition to mitigating risks by minimising the number of necessary actors during the KYC processes.

With PSD2 compliance, the Payment Services (TTPS) now see their operating conditions improved relative to the rest of the players, which increases transparency and optimises payment processes.

What is PSD2 SCA (PSD2 Strong Customer Authentication)?

As we have been anticipating, the two key points of the PSD2 regulation are the reinforcement of the security of online operations and the innovation and optimisation of the processes. That is why the PSD2 directive is often compared to the GDPR, both in terms of data and in terms of what the regulation contributes.

The use of identity verification processes is standardised to corroborate that a client is who they claim to be, thus extending the already known KYC (Know Your Customer) process in the financial sector with the introduction of the SCA (Strong Customer Authentication) concept.

PSD2 SCA means getting to know the identity of the client in a legitimate way and with guarantees. That is why in the new PSD2, strong customer authentication is mandatory for many industries, where banking and finance stand out, due to AML (Anti-Money Laundering) protocols and their own needs given the nature of their activities. Here is when the new KYC technologies and solutions merge with the requirements proposed by PSD2 for secure online payments.

Facial biometrics in PSD2 SCA for fraud prevention

Identity verification processes within the PSD2 directive for payments and other types of online activities can be carried out in different ways. However, not every method rigorously meets the security and technical needs and the PSD2 requirements for effectively identifying users and reducing fraud risks to zero.

This is where facial biometrics come into play, as part of SCA (Strong Customer Authentication) and 2FA (Two-Factor Authentication), to provide payments with the adequate security level required by the PSD2 regulation.

The facial recognition system records the biometric pattern of the person who wants to be identified, creating an unambiguous mathematical model that is associated with the identity of the user. Solutions such as VideoID include dozens of real-time video checks, from live smiles to depth detection, that use the latest AI and machine learning to eliminate the risk of impersonation through images or deepfakes.

The identity verification process through live facial recognition with video identification does comply with the PSD2 requirements for SCA processes, unlike the methods that use static images or selfies, which do not guarantee adequate security.

PSD2 certification for companies

With PSD, electronic businesses had to make a call to a series of intermediaries that connected them with the means of payment (PayPal, Visa, Mastercard, and others) to later perform the payment. Thanks to the PSD2 regulation and SCA, the client themselves can authorise the online store or company to execute the payment on their behalf.

This update introduces a new process in which the e-commerce business and the bank are connected through an API. This significantly improves the security of the process and avoids any intermediate steps, guaranteeing more privacy for the user, protecting their data, and making it possible to carry out the KYC process on the web or app with PSD2 SCA, which means a reinforced authentication that prevents fraud.

This change in the processes led to the birth of PISP (Payment Initiation Service Provider) and AISP (Account Information Service Provider) services. The first type of application acts as an intermediary between the financial institution or bank and the electronic store, while the second one focuses on platforms to store data of users’ financial products and services.

How does PSD2 improve fraud prevention? PSD2 payments

Thanks to PSD2, as we have been discussing, security controls are introduced that prevent online fraud such as identity theft. This way, it is impractical (and extremely difficult) for a possible offender to carry out operations on others’ behalf and access the contracted products and services.

The security requirements introduced by the PSD2 directive block unauthorised online payments and prevent the use of a stolen credit card thanks to SCA double-factor authentication procedures. Identity verification parameters such as fingerprint, iris, or facial patterns are inaccessible to digital criminals.

Moreover, the terms of liability have also changed with European Commission PSD2 compliance. Now, the user will only be responsible for unauthorised payments up to 50 euros, compared to the 150 of the previous directive, with the company being the one that has to cover the defrauded amount.

Signicat, comprehensive solutions for PSD2 compliance

EID, a Signicat company listed in RegTech 2023, is a Qualified Trust Services Provider and an expert in regulations associated with online user-organization relationships, such as PSD2. With extensive experience in the Fintech area, it develops comprehensive solutions for all technology and regulatory compliance needs so that companies and institutions can offer an agile, simple, and safe user experience.

eIDAS, PSD2, KYC, and AML5 have transformed the market, not only in Europe but also at an international level, so that businesses can optimise their processes, drive their growth and expansion, and develop and acquire customers like never before.