While the Payment Service Providers Directive (or PSD2) will be implemented in Europe, some businesses have found it difficult to apply the requirements that revolve around strong customer authentication (SCA).
This is why cart abandonment rates are high on the continent. SCA methods can still be vulnerable to fraud, and some consider biometric identity verification for an added layer of security.
PSD2’s requirements are divided into two groups. The first, Articles 6, 7, and 8, requires multi-factor authentication (MFA), which must use at least two of the following three elements:
- Something you know, such as a password or PIN.
- Something you have, such as a mobile phone, laptop, or security key.
- Something you are, such as your fingerprints or face ID.
Article 9.3.a is the second group. It states that authentication devices must maintain their independence from other authentication methods.
To be compliant, the device must ensure that the two authentication elements being used don’t interact with each other.
VULNERABILITIES FOR STRONG CUSTOMER AUTHENTICATION
Each company and business implements strong authentication differently.
This is why not every system works the same. Fraudsters have the technical skills to defeat these strong layers of security. Here are their strategies:
Social Engineering –
This is usually done via phishing or man-in-the-middle attacks that aim to obtain username and password information.
SIM Swapping –
Some fraudsters impersonate their victims and contact mobile phone companies to obtain a new SIM under false pretenses. This allows the fraudsters to receive a one-time password (OTP).
Malicious Accessibility –
Hackers exploit software and firmware vulnerabilities to gain access to vulnerable systems before preventive measures are taken.
While strong authentication is a great system for protecting businesses, there are also other methods for online identity verification, such as FIDO2, which can raise security to a higher level.
If you want to learn more about how stronger customer authentication boosts fraud prevention, read this infographic.
Secure, private authentication for the future – LoginID