The European Banking Authority (EBA) has published two important documents on PSD2: an opinion on the implementation of the RTS (Regulatory Technical Standards) on strong customer authentication (SCA) and Common Secure Communication (CSC).
The purpose of the EBA Opinion is to provide clarity on certain aspects relating to the implementation of the RTS on SCA and CSC.
In relation to the SCA mandate, the Opinion includes important clarifications on the views of the EBA in relation the execution of SCA and the application of different exemptions by the PSPs involved in a payment transaction, as well as the role of wallet providers in the provision of SCA.
About TRUXTUN Capital WEGA 3DSA 2.0 FIDO Certified products and mobile application, the following comments can be made.
It confirms that from the point that the Regulatory Technical Standards come into force (September 2019), the way we use our debit/credit cards to make internet purchases will need to change. It also confirms the need to use strong multi-factor authentication to validate a payment.
With the Excerpts below, it is confirmed that products like Wega Card 3DSA 2.0, FIDO Certified and Mobile application are fully compliant with requirements of PSD2 and may help banks to reach a high compliance level:
32 - "SCA applies to all payment transactions initiated by a payer, including to card payment transactions"
33. "SCA is defined in PSD2 as ‘an authentication based on the use of two or more elements categorised as knowledge (something only the user knows), possession (something only the user possesses) and inherence (something the user is) that are independent’ and that ‘protect[s] the confidentiality of the authentication data’...The EBA considers that the two factors need to belong to two different categories."
34. Given that knowledge is defined as ‘something only the user knows’, the card number with CVV and expiry date printed on the card cannot be considered a knowledge element. This is also the case for a user ID. For a device to be considered possession, there needs to be a reliable means to confirm possession through the generation or receipt of a dynamic validation element on the device.
With Wega 3DSA 2.0 FIDO Certified authentication suite solution, and considering the security requirements stated by PSD2 / RTS, TRUXTUN Capital is the first company in the world to be able to provide state-of-the-art security for mobile application and payment cards with frictionless user experience.