Secure multi-factor authentication for online banking and payments

spike

Since September 2019, the PSD2 RTS for Strong Customer Authentication (SCA) has applied in the European Union. This revised Payment Services Directive makes SCA mandatory for banks and any sensitive operations, with an extended deadline of December 31st, 2020 to implement SCA.

With increasing online transactions and more complex fraud attempts, banks and financial institutions need to implement a secure solution that is compliant with the 3DS e-commerce protocol, as SMS OTP is no longer an option in that case. Fraud attacks are also a major risk factor, especially for solutions developed in house.

PSD2 SCA is an authentication process that confirms the user's identity through a minimum of two different and independent factors. It applies to sensitive banking operations and electronic payment transactions (excl. low amounts).

One of the biggest challenges for banks in Europe is e-commerce payments, where the 3D Secure protocol is now massively used to secure transactions. However, combining the card number and an SMS OTP in a 3DS protocol is no longer compliant: the card number is not considered a real possession factor and SMS OTP does not meet security standards.

Overall, the industry is moving from 3DS e-commerce to app-based authentication: this raises the challenge of integrating with card processors and 3DS servers or ACS (Access Control Servers) while maintaining an authentication framework that stays coherent with other daily banking authentication use cases.

MFA implementation is not enough. Regulators will check in the coming months whether banks have really implemented PSD2 SCA, but they will also rapidly audit the security level of the SCA implemented by banks.

Banks need to focus on both:

  • Security of the SCA solution and, overall, of their banking app
  • Multi-factor authentication with independence of factors

Antelop SCA answers both security and UX SCA challenges for banks

Antelop SCA offers one of the most advanced security toolboxes on the market (certified by leading security laboratories for international card schemes: Visa, Mastercard, CB and EMVCo), transforming your app into a vault. With its multilayer security (e.g. device binding, root detection, anti-tampering, anti-debugging, anti-cloning…), the Antelop SDK securely protects your customers from advanced fraud attacks and transforms the smartphone into a “trusted” device.

Our solution covers all authentication use-cases, using the smartphone for strong customer authentication, regardless of the operation channel:

  • Account access
  • 3DS Authentication
  • Credit transfers, P2P
  • Mobile Contactless Payments and QR code
  • Mobile and Desktop TPP Application

The Antelop mobile SDK natively manages various customer authentication methods: PIN code, biometrics, Secure Unlock. It also adapts to your business rules depending on transaction risk levels (payment thresholds, counters on the amount or number of transactions).

With both online and offline capabilities, it provides security mechanisms to secure communications between the application and the bank back-end or third-party servers.

The Antelop SCA SDK (Android, iOS and Huawei compatible) can help you comply with PSD2 securely and with a fast time to market. It comes already connected, through its authentication platform, to various card processors and ACS. It enables banks to focus on UX with a generic secure solution.
