COMPLYING WITH OVERVIEW: PSD2 - Zuora · Zuora provides seamless integration with your payment...
OVERVIEW: COMPLYING WITH PSD2
CONTENTS
1. What is PSD2?
2. What is SCA and why is it important?
3. What are two-factor authentication and 3DS?
4. What are the differences between 3DS and 3DS v2 and why are they important?
5. How will Zuora help my organization comply?
What is PSD2?
PSD2 is an extensive revision of the European Union’s “Payment Services Directive” regulations.
PSD2 Objectives
● Standardize regulations and integrate the market for payment services across EU countries
● Ensure fair competition and transparency
● Open the payment services ecosystem and reduce the bank monopoly on providing services by mandating that, upon account holder consent, banks make account data available by API to third-party service providers
What is SCA and why is it important?
SCA stands for Strong Customer Authentication.
SCA is one of the mandates of PSD2 and requires that merchants use two-factor authentication to reduce the risk of fraudulent transactions.
As a growing number of transactions take place online, especially on mobile devices, SCA will help to
● make it easier for customers to pay
● reduce the risk and cost of payments fraud
What are two-factor authentication and 3DS?
Two-factor authentication (2FA) is a way of confirming a user’s identity by validating information from two or more of the following categories:
1. Knowledge - Something they know (e.g. user id / password)
2. Possession - Something they possess (e.g. security token, one-time code from SMS/e-mail, secret code, etc.)
3. Inherence - Something they are (e.g. biometrics)
3DS stands for 3D-Secure, an open standard used by major credit card brands to authenticate cardholders to prevent fraudulent payments.
3DS is one of the primary ways for Payment Services Providers to comply with the SCA mandate.
3DS vs 3DS2 - Why are the differences important?

| 3DS v1 | 3DS v2 | So what? |
| --- | --- | --- |
| For payment cards only | Also supports mobile and digital wallets | Greater flexibility and support for mobile e-commerce |
| Designed for desktop web | Streamlined for mobile interaction models/devices | 3DS2 adoption expected to be greater because it is easier to use |
| Requires 3rd-party pop-up screen to authenticate | No 3rd-party popup screen | The authentication popup screen adds friction to checkout process. It also looks like a phishing attempt to an unsuspecting user. |
| Higher false declines | Modified authentication flow reduces false declines | Customers likelier to abandon transaction or use a different payment method |
| No merchant opt-out or exceptions | Lower-value transactions exempted from validation, depending on merchant’s fraud rate | Greater flexibility and alignment of the protocol to the risk of a particular transaction |
| 10 data points captured | Up to 150 data points captured | Issuer can make better decisions about the validity of the transaction with more data, preventing both fraudulent transactions as well as false positives |
How will Zuora help my organization comply?
Zuora provides seamless integration with your payment gateways, simplifying and automating collections.
As part of your comprehensive PSD2-compliant solution, Zuora intends to provide the following:
1. SCA-compliant implementation of 3DS (3DS v2)
2. 3DS support extended across applicable payment gateways
3. Hosted Payment Pages updated to support enhanced 3DS, where applicable
What will I have to change in my tenant?
1. Update your HPM page configurations*
2. Update your gateway configurations to use a version that supports 3DSv2. Note: Some integrations may support 3DSv2 without requiring an update.
*Note: Initially, we will support 3DSv2 via embedded iFrame only. Direct POST support will come later. If you are currently using the Direct POST profile for HPM, you will need to adopt the embedded iFrame profile temporarily.
Thank You!