The Payment Service Providers Directive, or PSD2, will be implemented throughout Europe. However, it has been difficult for some businesses to apply the PSD2 requirements around strong customer authentication (SCA), such as mobile identity verification.
These difficulties are responsible for high cart abandonment rates across the continent, and some SCA methods can be vulnerable to fraud.
PSD2 REQUIREMENTS
PSD2’s requirements can be divided into two types. The first is Articles 6, 7 and 8, which outline the multi-factor authentication requirement:
- Something known, like a PIN or password.
- Something owned, such as a mobile phone, laptop or security key.
- Something you are, like a fingerprint or face ID.
The second is Article 9.3.a, which states that authentication devices must be independent of other methods. Put simply, devices must ensure that the two authentication elements are not interdependent in order to meet the standard.
VULNERABILITIES OF STRONG CUSTOMER AUTHENTICATION
Every company or business implements strong authentication differently. Some fraudsters are tech-savvy enough to defeat these layers. Here are some of their methods:
- Social Engineering – these attacks are usually carried out using phishing and man-in-the-middle attacks, and seek to gain information such as usernames and passwords.
- SIM Swapping – some fraudsters pretend to be the victim and deceive mobile companies into issuing a new SIM card. This lets the fraudster obtain an OTP (one-time password).
- Malicious Accessibility – hackers exploit software or firmware vulnerabilities before any preventative measures can be taken to repair the system.
Although strong authentication is a solid system for protecting businesses, there are other methods, such as FIDO2, that can improve fraud prevention.
If you want to learn more about how stronger customer authentication boosts fraud prevention, read this infographic. Secure, private authentication for the future – LoginID