With data showing that passwords are linked to 80% of data breaches, many enterprises have concluded that passwords are out and multi-factor authentication (MFA) is in. MFA is a security procedure that validates a customer's identity before they are granted access to a website or application by requiring another form of identification besides a user’s password – such as an email code, text or call one-time password (OTP), or biometric verification – drastically reducing the risk of a security breach.
PSD2 Strong Customer Authentication Regulation
In 2021, the EU Revised Payment Services Directive (PSD2) enforced a requirement for multi-factor authentication for e-commerce transactions in Europe. Known as SCA (Strong Customer Authentication), its goal is to increase the security of electronic payments by requiring customers to provide two forms of identification when shopping online in order to verify user identities more confidently and reduce the risk of fraud.
Strong Customer Authentication Compliance
For merchants to accept online payments and meet SCA regulations, the additional authentication must be built into the checkout flow for customer-initiated online and contactless offline transactions where both the business and the cardholder’s bank are located in Europe. During a transaction, SCA authenticates customers by collecting two out of three categories of information: who they are, what they have, and what they know.
- WHO: Biometric verification, such as fingerprint or facial scan
- HAVE: Verification via mobile phone or token
- KNOW: Verification via password or PIN
Efficient Strong Customer Authentication Solutions with UNIPaaS
A strong customer authentication solution provider, UNIPaaS is an all-in-one user-friendly payments suite that integrates seamlessly with digital platforms and streamlines the payment process. It offers a hassle-free – and secure – way to take payments. UNIPaaS uses a risk-based authentication process to determine whether a transaction should be authenticated via SCA. For example, someone attempting to purchase a five-figure holiday package on a travel booking website would likely trigger a strong customer authentication requirement, while someone charging a takeaway lunch would not. Likewise, someone attempting to authorize a purchase order online would probably need to be authenticated, while someone confirming payment for a monthly gym membership would not.
UNIPaaS’ SCA Payments Offerings:
Automatic Cascading Mechanism
The Automatic Cascading Mechanism is an optional feature offered by UNIPaaS that is supported by all of its integration types. When a merchant sends an "Authorization" transaction (without a previous authentication) to an issuer bank, the bank may return a "soft decline" response. According to card scheme guidelines, these "soft decline" responses are not considered "optional responses," and the merchant is advised to re-attempt the request using an SCA flow.
The Automatic Cascading Mechanism is designed to handle these "soft decline" responses automatically, retrying the request using the merchant's authentication preferences. By using the Automatic Cascading Mechanism, merchants can avoid the need to manually retry transactions in the event of a "soft decline" and can instead rely on UNIPaaS to handle the strong customer authentication process automatically. This can help to improve the efficiency and effectiveness of the authentication process and improve the authorization rate by 30% per user.
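The soft-decline cascade described above, sketched as an added example that is not UNIPaaS code or its API: `StubIssuer`, `authorize_with_cascade`, `run_sca` and the amount limit are hypothetical names and constructed values. It shows the checks an integrator would want around such a retry: hard declines are never retried, the request is only resubmitted as authenticated after the challenge succeeds, and the cascade runs at most once.

```python
from dataclasses import dataclass, field
from enum import Enum


class Outcome(Enum):
    APPROVED = "approved"
    SOFT_DECLINE = "soft_decline"  # issuer wants the cardholder authenticated
    HARD_DECLINE = "hard_decline"  # final refusal, must not be retried
    SCA_FAILED = "sca_failed"      # challenge failed or abandoned


@dataclass
class StubIssuer:
    """Constructed issuer: soft-declines unauthenticated requests above a limit."""
    sca_limit: int = 3000  # minor units; constructed value
    seen: list = field(default_factory=list)

    def authorize(self, amount, authenticated, card_blocked=False):
        self.seen.append((amount, authenticated))
        if card_blocked:
            return Outcome.HARD_DECLINE
        if amount > self.sca_limit and not authenticated:
            return Outcome.SOFT_DECLINE
        return Outcome.APPROVED


@dataclass
class Result:
    outcome: Outcome
    attempts: int
    sca_performed: bool


def authorize_with_cascade(issuer, amount, run_sca, card_blocked=False):
    """Try without authentication first; on a soft decline, retry once with SCA."""
    first = issuer.authorize(amount, authenticated=False, card_blocked=card_blocked)
    if first is not Outcome.SOFT_DECLINE:
        return Result(first, 1, False)  # approved or hard decline: no retry
    if not run_sca():
        # Never resubmit as "authenticated" unless the challenge succeeded.
        return Result(Outcome.SCA_FAILED, 1, False)
    second = issuer.authorize(amount, authenticated=True, card_blocked=card_blocked)
    if second is Outcome.SOFT_DECLINE:
        second = Outcome.HARD_DECLINE  # bounded: one cascade, no retry loop
    return Result(second, 2, True)
```

`run_sca` stands in for whatever challenge flow the merchant has configured and returns `True` only when the cardholder completed it.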
Exemption Manager
UNIPaaS's Exemption Manager is an optional service that allows merchants to use the "Exemptions Engine" to apply their exemption preferences to each transaction when making acquiring decisions. The Exemption Manager offers exemptions for certain types of transactions, such as low-risk and low-value transactions, corporate cards, recurring transactions and subscriptions, and inter-regional transactions. Using the Exemptions Engine can help merchants streamline their SCA authentication process and reduce friction for their customers, leading to improved user experience and potentially higher conversion rates.
With the Exemption Manager, merchants who have MFA enabled are not liable for card disputes where the issuer has successfully authenticated the shopper's identity with full SCA. This reduces their overall liability for fraudulent transactions by ensuring that they are only challenged for SCA when it is necessary. The service can also help merchants reduce their risk of chargebacks by ensuring that they are only challenged for SCA payments when the transaction is high-risk. Transactions that are exempt from SCA using the Exemption Manager's Fully Managed Mode still receive full chargeback protection on fraud and authentication-related claims.
Get Started with UNIPaaS
UNIPaaS helps digital platforms, SaaS, and marketplaces simplify customers’ payment processes, increase revenue and profits, and enhance the customer experience. UNIPaaS is a certified PCI Level 1 Service Provider, is GDPR compliant, and is certified for ISO and SOC. In addition to our innovative PSD2 SCA solutions, find out more about how your platform can benefit from embedded payments with UNIPaaS.