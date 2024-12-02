Under the new PSD2 regulations, all electronic online transactions in the European Economic Area (EEA) will require Strong Customer Authentication (SCA), designed to tackle card fraud and protect the confidentiality of payment security credentials for consumers when purchasing goods and services online. From 14 September 2019 onward, all European consumers will need to confirm their identity for the majority of their online purchases, using two of the following: something they know (eg a password), possess (eg a phone), or are (eg their fingerprint). Regulators have indicated a potential extension to the September deadline.

This new requirement puts the ultimate decision to authorise a transaction with the issuer, which can force additional authentication protocols – like 3D Secure 2.0 – that would impact customer experience during card-not-present checkout. However, under the new rules, exemptions from SCA are allowed for those that can keep their fraud levels under specified reference fraud rates; this allows payments under certain thresholds to be exempted when transaction risk analysis has been applied.

ACI recently launched a Merchant Guide for PSD2 and Strong Customer Authentication to help PSPs, acquirers, issuers, and merchants navigate the regulations. The guide, which is based on ACI’s expertise, provides insights into how these organisations can protect their customers as well as their own businesses. ACI has several additional tools, resources, and solutions, including ACI Proactive Risk Manager and ACI Red Shield.

