The new Strong Customer Authentication (SCA) on contactless payments proved new findings.
The new Strong Customer Authentication (SCA) rules by the EU requires banks to verify customer’s identity every time they make payments totalling 100 Euros. The rule is designed to prevent fraudsters racking up billions on stolen cards.
This means, when customers makes repeated contactless card payments, they will be forced to type their pin’s to authenticate. Payments enablers and banks estimate a loss of 57 Billion Euros across European Union as a result of the extra checks.
How does SCA work?
SCA is a form of two-factor authentication designed to prove that end-customers are who they say they are, with specific rules around what constitutes ‘authentication’.
It requires two forms of validation out of three available categories.
What constitutes a method of authentication?
There are three valid categories of authentication available as part of SCA. Within each category, there are a number of potential methods for satisfying that category.
The three categories are:
Knowledge (something only the payer knows) — examples include a password, PIN, passphrase or secret fact/answer
Possession (something only the payer possesses) — examples include their mobile phone, smart watch, smart card or a token
Inherence (something the payer is) — examples include a fingerprint, facial recognition, voice patterns, DNA signature and iris format.
In particular, SCA will apply each time a payer:
· accesses its payment account online
· initiates an electronic payment transaction
· carries out any action through a remote channel which may imply a risk of payment fraud or other abuse
SCA is designed to reduce fraud during online transactions, but how much impact will it make?
Europol estimated that card-not-present fraud accounted for 66% of €1.44 billion in fraudulent card transactions in 2013. By 2016, the European Central Bank (ECB) calculated the total cost of card payment fraud reached €1.8 billion. The UK, France and Denmark suffered from the highest rates of card fraud.
In the UK alone, £2 billion was stolen from credit and debit cards in 2017, with 28% of people becoming the victim of online payment fraud.
Any reduction in the rate of fraud could result in a significant saving across Europe.
Bó, the digital bank launched last year by NatWest owner Royal Bank of Scotland, has now been forced to issue more than 6,000 new cards to its customers in order to comply with the new rules.
