Visa Europe revealed important stats about the usage of contactless cards. Poland, Spain and the UK use this payment method the most, with UK usage growing by 300% year over year.
If you are a payment ecosystem participant, you may know that on 14 September 2019 the second Payment Services Directive (PSD2) entered into force. PSD2 brought stricter requirements for customer authentication, called Strong Customer Authentication (SCA). Under PSD2 and the Regulatory Technical Standards (RTS), SCA is defined as an “authentication based on the use of two or more elements categorized as:
that are independent, in that the breach of one does not compromise the reliability of the others and is designed in such a way as to protect the confidentiality of the authentication data.”
In other words, PSD2 requires the implementation of Multi-Factor Authentication (MFA). MFA can be implemented by using a combination of these elements to authenticate the user:
In the payment ecosystem, the most recognized standards are provided by the Payment Card Industry Security Standards Council (PCI SSC). These standards require MFA to be implemented with at least two of the three authentication methods (similar to SCA in the RTS), as described in PCI DSS Requirement 8.2:
Currently, the industry standard for authenticating online payments is PCI 3D Secure (PCI 3DS). Using PCI 3DS typically means adding an extra step after the checkout, where the customer is prompted by their payment service provider to provide additional information to complete a payment, e.g., a one-time code sent to their phone or email address, or biometric authentication through their mobile app.
In 2019 the new version of PCI 3DS, 3D Secure 2 (PCI 3DS2), was released.
It introduces many improvements to the user experience, with authentication built into the checkout process.
3D Secure 2 allows payment providers to send more data elements on each transaction to the cardholder’s payment service provider. This includes payment-specific data, such as the shipping address, as well as contextual data, such as the customer’s device ID or previous transaction history. By sharing more data, PCI 3DS2 increases the number of transactions that can be authenticated without further customer input.
Apple Pay, Google Pay and other card-based payment providers already support a payment process with a second authentication factor (biometric, code, etc.).
The PCI Guidance for Multi-Factor Authentication says: “The intent of multi-factor authentication (MFA) is to provide a higher degree of assurance of the identity of the individual attempting to access a resource, such as physical location, computing device, network or a database. MFA creates a multi-layered mechanism that an unauthorized user would have to defeat to gain access.” PCI DSS Requirement 8.3, which makes multi-factor authentication mandatory, is in full compliance with PSD2 and SCA.
I am the Compliance and Data Protection Consultant at Advantio. I have over 16 years of experience in developing various information systems and IT projects, and 8 years of experience in project management and information security consulting. I'm also the Marketing and Communications Director at ISACA Lithuania.