top of page
Blog: Blog2
Search
id-bound

EU PSD2/RTS/SCA - a nightmare scenario or happy-end?

Updated: Dec 31, 2019

Analyzing Fraud Loss Rate and Order Reject Rates - it is clear that it is practically impossible to reach the fraud loss rate of 0.13%, required for SCA exemption, without increasing order reject rates to unbearable levels.

PROBLEM 1:

Therefore- if a large percentage of online transactions will require consumer and payment authentication- then the real question one must ask how many of them will result in cart abandonment for any of the following reasons:

1. False Rejection

2. Too lengthy authentication process.

PROBLEM 2:

The problem of scaling up from benchmark trials to All-European deployment is far from being trivial. For example:

1. Luke Olbrich, the head of core payments for PayPal Europe, said he had seen the pitfalls of overly intricate or burdensome authentication controls when attempting to introduce a new security protocol, 3D Secure, in 2015. During trials, average authentication failure rates across Europe reached around 60% — the normal figure, he said, would be around 5 %: “I finally said pull the plug, we have to stop this,”.

Sentrycs response to PSD2/RTS:

Sentrycs will provide maximal security at minimal friction (consumer's time spent from Shopping Cart Buy till Purchase Confirmation).

Sentrycs is a Multi-factor, context- and risk-aware, Strong Identification-as-a-Service (IDaaS) for Online Access, Real-Time Money Transfer and Internet Payments.

To ensure compliance with EU PSD2/RTS:

Sentrycs Strong Customer Authentication is based on:

Possession-something only the user possesses a smartphone.Knowledge-something only the user knows the PIN.

To enable Transaction Risk Analysis -additional elements are also provided:

Geolocation pattern matching, Behavioral Biometrics, Browser Fingerprinting.

An extra security element is Dynamic Link of Customer Authentication to Amount and Payee, thus providing Payment Authentication. To ensure security resilience to malware attacks- the independence of channels is implemented as following: Initiation of payment or account info - in the Internet browser, strong authentication - in Sentrycs smartphone application. But no data is transferred between the Internet browser and the smartphone application.

For a demonstration of Online Access, Money Transfer and Internet Payments:

The demo shows that low-risk online access can be completed in less than 5 seconds.

The demo also shows that high-risk transactions can be completed in less than 15 seconds from Buy @ Shopping Cart to Purchase Confirmation on Merchant's site.

To further ensure resilience to fraudsters attack: on knowledge: brute force attack against PIN is limited by 5 attempts, on possession: replication is prevented by using multiple smartphone elements.

To enroll in Sentrycs IDaaS - Payment services users will perform two-tier identification, before obtaining authentication software application and activation code to their registered email address. Sentrycs offers convenient web-based integration with Payment Service Providers using its proprietary API.

Integration with the merchant sites accomplished by seamless redirection of Payment services users along the route: merchant>PSP>Sentrycs>PSP> merchant.

This allows an important Value Proposition for a Merchant:

One-click "buy" at the merchant site, since no payment data is entered by the user.

This allows an important Value Proposition for a PISP:

Immutable proof-of-transaction between the payment services user and payment services provider, resilient to malware attack, thus preventing costly customer disputes and chargeback.




3 views0 comments

Recent Posts

See All

Comentários


bottom of page