What is strong customer authentication, and why should you care?
If you accept contactless cards or online payments, you should have strong customer authentication.
If not, you may have a large number of contactless and online payments being declined.
That’s because you might not meet the new security requirements of strong customer authentication.
In this blog, we look at the significance of strong customer authentication for contactless and online payments and what it means for businesses.
What is strong customer authentication?
You might have already heard of strong customer authentication in another guise - two-factor authentication.
Essentially it requires a customer’s bank to carry out extra checks to confirm a customer’s identity and be sure it’s them trying to make the purchase.
Strong customer authentication has actually been around since 2019, but it’s only this year the stricter security measures became mandatory.
It forms part of the second Payment Services Directive (PSD2), adding extra layers of security to electronic payments.
While it is part of an EU security policy that will affect the European Economic Area, it is still in force (and is likely to remain so) in the UK.
What does strong customer authentication require?
Strong customer authentication requires the customer to carry out two or three of the following tasks to confirm their ID during a purchase.
1 - Enter a password or PIN - this already happens occasionally when customers pay using a contactless card.
2 - Enter a one-time passcode (OTP) - again, customers will already be familiar with this as banks have been using it to confirm bank transactions (like money transfers) for years.
3 - Use their biometric data - users of mobile wallets on smart devices already do this, as they are required to use their fingerprint or facial scan to authorise a payment using their smartphone.
What do you need to do as a business?
Strong customer authentication is more an issue for your business bank provider than you as the business, as the bank is required to carry out the ID checks.
However, if the SCA requirements aren’t set up for you, your customer may not be able to complete a purchase because they can’t complete the additional ID checks.
This means you should contact your business bank and ensure all the necessary steps have been taken to use the checks.
Your customer may be asked to enter their PIN into the card machine for in-store payments while using contactless.
Online, customers could be required to request a one-time passcode to confirm the payment, or they could be required to provide their biometric data if trying to pay online via mobile.
Benefit from secure contactless card payments
Strong customer authentication is a significant step in making contactless payments even more secure and protecting customers (and you as the business) from payment fraud.
It’s essential that everything is in place for customers to complete the additional ID checks, or you could start to see more transactions declined.
If you have noticed more contactless transactions being declined and customers unable to complete purchases, it could be worth contacting your business bank to ensure everything is set up to comply with strong customer authentication.