We addressed online authentication issues and recommendations on when/how to use Strong Customer Authentication (SCA) on a popular industry white paper.
The paper aimed at drawing the attention of both the payment industry and the regulators and at influencing the EBA Regulatory Technical Standards (RTS) issued in 2015, which mandated SCA to authorize all transactions with value above € 10.
The European Banking Association (EBA) and the European Commission accepted most of our suggestions, including the principle of allowing a PSP to apply Transaction Risk Analysis techniques only when able to maintain a fraud rate lower than a mandated level (technological neutrality). This offers high consumer protection as the legislator imposes a fraud rate cap to comply with, not a technique hoped to be able to guarantee low levels of fraud.
The paper played a key role in influencing the decisions of the EU commission and the EBA on SCA. The final draft of the EBA’s Regulatory Technical Standards embrace several recommendations outlined in our paper – including the link between risk-based authentication and fraud rate aimed at appropriate exemption rules (art. 16 of the RTS (pg. 24-26). The paper was endorsed by five leading e-commerce associations (logos on front cover). We presented the paper at a Visa-sponsored event in Brussels with the participation of a number of executives from the European Commission.
The CleverAdvice Team