webleads-tracker

PSD2, 3D Secure, 3DS2: Strong authentication - Dalenys
xYou are currently visiting Dalenys website in englishGo to french version

Fraud & PSD2

Prepare for PSD2 compliance with Dalenys

Decryption and recommendations for maintaining a smooth customer experience in the light of the new regulations.

Dalenys>Fraud management>Fraud and PSD2
What will change with the PSD2

A new model of cooperation for merchants, PSPs and banks

With the PSD2, most transactions shall require strong authentication. Nonetheless, the more exchanges there are between banks, PSPs and you, the less impact strong authentication requests will have on your business. Such cooperation is based on the exchange of new data required by 3DS 2.0, as well as applications for exemption.

A new protocol
3DS 2.0

Strong authentication requests for all payments

Possible exemptions
under certain conditions

Seamless procedures for a smooth customer experience

Conditions for successful strong authentication

To be considered ‘successful’, strong authentication must be based on at least 2 of the following 3 criteria:

Knowledge

Information that only the user knows (PIN code, password, etc.)

Possession

Information that only the user has (a card, mobile phone, etc.)

Inherence

User recognition information, biometric identification (fingerprint, iris or voice recognition)

Merchants, your role is changing

Even though strong authentication is to become the norm, the procedure can still be seamless, with validation by issuing banks. Below are our recommendations on how to be proactive in the face of the PSD2, reduce fraud and optimise seamless trade.
1.
Find out the main exemptions to optimise your conversion
↓
2.
Exchange the right data
↓
3.
Develop your risk analysis
↓
4.
Qualify any applications for exemption and submit them to the issuer
↓

Issuer response YES: Seamless procedure

Issuer response NO: Implementation of strong authentication

Develop your risk analysis

The more your applications for exemption result from a thorough, effective real-time risk analysis, the more you will be perceived as a trusted partner by issuers. A reliable risk analysis in accordance with RTS (Regulatory Technical Standards) will subsequently ensure a lower fraud rate and more exemptions.
White paper

Discover Dalenys’ advice on how to reconcile compliance with a smooth customer experience

Focus on the requirements and the methods of cooperation between e-retailers, banks and PSPs for making the PSD2 a success.

20 pages providing an overview of the next migration steps and best practices to be put in place for e-retailers:

- Authentication vs. seamless procedure: the new rules of the game
- Risk analysis and applications for exemption: a virtuous circle
- Issuers, retailers and PSPs: successful cooperation
Download

Implementation schedule

A European deadline

The EBA (European Banking Authority) has announced that strong customer authentication (SCA) for e-commerce will come into force as of 31 December 2020. Migration plans have been defined on a country by country basis by each national regulator. These migrations often make use of "soft decline" strategies to gradually reach full RTS compliance (dates subject to change by each regulator).

What is "soft decline"?

This is the process whereby a request for direct authorisation of a transaction without prior authentication is refused by the client’s bank. The payment must be resubmitted with strong authentication.

Migration plans country by country

  • 5 October 2020: soft decline for transactions > €2,000
  • 15 January 2021: soft decline for transactions > €1,000
  • 15 February 2021: soft decline for transactions > €500
  • 15 March 2021: soft decline for transactions > €250
  • 15 April 2021: soft decline for transactions > €100
  • 15 May 2021: soft decline for all transactions

National authority: Banque de France

  • 1 June 2021: beginning of the soft decline with gradual increase in load
  • March 14, 2022: additional time granted by the EBA for full compliance

National authority: Financial Conduct Authority (FCA)

  • January 15, 2021: soft decline of transactions> 250 €
  • February 15, 2021: soft decline of transactions> 100 €
  • March 15, 2021: soft decline of all transactions

National authority: BaFin

  • January 15, 2021: soft decline of transactions> 250 €
  • February 15, 2021: soft decline of transactions> 100 €
  • March 15, 2021: soft decline of all transactions
  • January 1st, 2021 : soft decline of transactions > €250
  • February 1st, 2021 : soft decline of transactions > €30
  • March 1st, 2021 : soft decline of all transactions

National authority: Banco de Espana

  • January 19, 2021 : soft decline of transactions > €1,500
  • February 23, 2021 : soft decline of transactions > €500
  • March 23, 2021 : soft decline of transactions > €250
  • April 19, 2021 : soft decline of transactions > €100
  • May 18, 2021 : soft decline of all transactions

National authority: National Bank of Belgium (BNB)

  • January 20, 2021 : soft decline for 3DS transactions > €500
  • March 1st, 2021 : soft decline for 3DS transactions > €250
  • April 1st, 2021 : soft decline for all 3DS transactions
  • May 1st, 2021 : soft decline for non 3DS transactions > €250
  • June 1st, 2021 : soft decline for non 3DS transactions > €150
  • July 1st, 2021 : soft decline for all transactions

National authority: Bank of Irland

  • January 1st, 2021 : soft decline of transactions > €1,000
  • Febraury 1st, 2021 : soft decline of transactions > €500
  • March 1st, 2021 : soft decline of transactions > €100
  • April 1st, 2021 : soft decline of all transactions

National authority: CONSOB

Our latest news

PSD2 as seen by an acquirer and an issuer: Key figures and advice to optimise your conversion

Read more

PSD2, the final stretch: good practices to know

Read more

Would you like to learn more about the tools for seamless e-commerce?

Contact us