As cross-border digital transactions become more common, customers are demanding increased security protocols to protect themselves from fraud. Some regions, like the European Union, have created regulations like PSD2 requiring payment services and providers to give their customers this extra layer of security that includes strong customer authentication.
How ACI Worldwide Supports SCA Compliance
All of ACI’s fraud solutions use the latest version of EMV 3D Secure, a security protocol based on a three-domain model, to reduce the risk of fraud and identity theft and ensure SCA compliance. ACI also works with merchants to develop strong SCA exemptions strategies that improve the customer experience and reduce lost revenue.
Strong customer authentication (SCA) is a PSD2 regulatory requirement that uses multifactor authentication to build an extra layer of security into your electronic payments platform.
What Are PSD2’s SCA Requirements?
All payment service providers must verify customers’ identities based on at least two of the following components:
1
Something the customer knows, such as a password, passphrase or personal identification number
2
Something the customer has, such as a mobile phone, wearable device, hardware token or smart card
3
Something the customer is (based on biometric data), such as a fingerprint, facial recognition scan, voice pattern or DNA signature
Failure to comply with PSD2’s SCA requirements could result in issuing banks refusing merchant transactions, which, in turn, leads to lower authorization rates.
To achieve compliance, payment service providers must implement transaction monitoring to detect any unauthorized or fraudulent scams by documenting:
Compromised or stolen authentication elements
Transaction amounts
Any known fraud scenarios in the provision of payment services
Signs of malware infection during an authentication session
The use of the access device or software provided to the payment service or provider
Strong Customer Authentication Exemptions
Although SCA is generally applied to all customer-initiated online transactions, PSD2 does allow for certain exemptions to eliminate friction in the payments process:
Low-value payments (payments below $30 USD)
Subscriptions and other recurring payments
Trusted beneficiaries, including identified trusted merchants and secured corporate payments
Transactions that real-time risk analysis solutions have identified as low-risk
ACI’s industry-leading fraud prevention is delivered via a powerful combination of machine learning, predictive and behavioral analytics, positive profiling, customized fraud strategies and expert support.
ACI Payments Orchestration Platform
Design payment flows that connect to multiple payment providers and maximize customer conversions using ACI Worldwide’s payments orchestration platform
A true payments orchestration platform with sophisticated real-time fraud prevention capabilities, advanced business intelligence tools and access to an extensive global network of acquirers and alternative payment methods
Dedicated support from a global team of experienced fraud and risk analysts, working closely with merchants to develop and manage tailored, real-time risk strategies
