Wednesday, 08 Jun, 2022
As more nations adopt the EMV chip, organized crime searches for new ways to profit from card theft, with internet commerce as its favorite avenue. Strong customer authentication (SCA), as defined by the Payment Services Directive (PSD2), is a significant step toward a more secure payments ecosystem. Mastercard's SCA mechanism is a tiered system. To protect your merchants from unforeseen fraud, integrate security measures, such as effective risk-scoring, alongside true verification. Read on to learn more about Mastercard, PSD2 and SCA and to better understand secure payment for your business.
Mastercard PSD2 - a simple and secure online payment for merchants.
According to the Mastercard-Identity-Check-2019 report, card-not-present (CNP) fraud now accounts for up to 73% of all fraud, and more transactions are moving to CNP channels every day. This shift poses a significant challenge for merchants and issuers attempting to avoid fraud while maintaining a positive consumer experience.
False decline rates are more concerning to many in the industry than fraud losses. False declines occur when the Issuer's or Merchant's fraud models incorrectly decline a good customer's transaction. False declines have a disproportionate impact on CNP channels, with the average decline rate for a CNP transaction staying around 15% to 20%, as opposed to 2% to 3% for card-present transactions.
When 3-D Secure (3DS) was established in 1999, the goal was to prevent fraud and improve consumer authentication during CNP transactions. While the protocol helped to reproduce the security of a physical payment and shift liability for fraud losses away from businesses, it had certain flaws, such as failing to solve the issue of false declines, as seen above.
However, the global rollout of EMV® 3DS this year is projected to close all of the weaknesses in the prior protocol while also boosting the security of digital transactions.
Mastercard's 3D-secure landscape
The European Commission published the Second Payment Services Directive (PSD2) in December 2015, after the First Payment Services Directive (PSD1). The payments sector has changed dramatically since the launch of PSD1 in 2009. Growth in eCommerce, increased usage of mobile devices for payments, and growing security concerns all contributed to the need for more regulation in the form of PSD2. One of PSD2's main goals is to reduce fraud. Strong customer authentication (SCA) is required for electronic payments under PSD2.
Strong Customer Authentication is abbreviated as SCA. "Authentication," according to the Oxford Dictionary, is "the process or action of validating the identity of a user or procedure." SCA is a set of authentication requirements developed by the European Banking Authority (EBA) that adds an extra layer of security to payment transactions with the goal of minimizing fraud by making transactions safer.
Strong customer authentication (SCA) Mastercard
The European Commission issued the Regulatory Technical Standards (RTS) on SCA and Common and Secure Communication on November 27, 2017. They spell out the SCA requirements. Regardless of device, the RTS applies to browser-based, in-app, and face-to-face payments.
The strong customer authentication mechanism used by Mastercard is tiered. Much higher security can be achieved by layering security measures, such as effective risk-scoring, alongside genuine authentication. This layered method (or defense in depth) protects all parties significantly better than relying on a single-layered technique, no matter how good that approach or authentication is.
Mastercard, its customers, and all other actors in the payment ecosystem should focus on providing secure, simple, and seamless cardholder experiences that balance new standards with authentication friction.
Mastercard's goals are:
To increase the rate of e-commerce conversion and approval.
This can be accomplished with biometrics and a seamless authentication experience.
To improve safety.
Effective risk-scoring, which gives a layered approach to security and enables one-click payments, can help achieve this.
To assist consumers in claiming exemptions.
This can be accomplished by changing our rules to make it easier to apply for exemptions.
The European Banking Authority (EBA) has opened a public consultation on amending its Regulatory Technical Standards (RTS) on strong customer authentication and secure communication (SCA&CSC) under the Payment Services Directive (PSD2) in order to allow for a 90-day exemption from SCA for account access.
Insofar as there is a pre-existing agreement between the cardholder and the merchant to provide products or services, Mastercard considers that Merchant Initiated Transactions* (MITs) are exempt from the SCA requirements. The cardholder is technically unable to authenticate the payment and is not participating in the transaction's initialization.
Mastercard is in discussions with the EBA and national competent authorities to clarify why MITs are exempt from the SCA criteria.
On all devices, SCA is required for electronic payments, including card payments made through a browser or in-app payments. SCA should be used in the following situations:
Strong Customer Authentication (SCA) is a new European standard for online payments that took effect on September 14th, 2019. It requires two separate sources of validation, i.e., two of these three features: knowledge, possession, and/or inherence, which is referred to as "two-factor authentication."
In summary, SCA means that internet shoppers in Europe may be required to complete additional layers of verification.
Customers are asked to provide two of the three types of authentication: something they know, something they own, and something they are.
The graphic below shows which types of information are contained in these categories.
Something you know:
Something you own:
Something you are:
Even though a transaction is covered by the PSD2 RTS, there are a variety of exemptions that mean certain transactions are excluded from the SCA requirement. Identifying and optimizing the use of these exemptions will aid in providing a frictionless buying experience for consumers.
There are a variety of scenarios where no SCA is required to make life easier for consumers. The majority of these exclusions include low-value payments, recurring transactions (same amount), and transactions to trustworthy beneficiaries (white listing).
|In the scope of the RTS for SCA||Out of scope|
|Acquirer PSPs||Issuer PSPs||Anonymous prepaid card|
Low-value transactions - LVP
≤30 EUR - with a counter limitation for issuers
Transaction risk analysis - TRA
If fraud ≤13 bps up to 100€
If fraud ≤6 bps up to 250€
If fraud ≤1 bps up to 500€
|Mail Order/ Telephone Order - MOTO|
|Recurring transactions - same amount, same payee||Merchant-initiated transactions -MIT|
Whitelisting of trusted beneficiaries
Secure corporate payments
PSD2 RTS defines low-value payments (LVP) as being less than or equal to €30 or comparable to other currencies.
Even low-value payments, however, require authentication every sixth transaction or if the total amount since the last SCA exceeds €100.
The transaction risk analysis (TRA) exemption applies because of a low fraud rate. It is available for transactions where the level of fraud does not exceed the limits pre-defined in the RTS. The amount changes depending on the level of fraud (see the table below) and is unaffected by countermeasures.
|Transaction size||Provided that the acquirer’s fraud rate is no more than|
|Up to €500||0.01%|
|Up to €250||0.06%|
|Up to €100||0.13%|
The fraud rate is calculated by dividing the total value of all illegal and fraudulent remote card transactions by the total value of all remote card transactions.
In practical terms, an Acquirer should consider employing a Transaction Risk Analysis (TRA) exemption when the Merchant is sure that the transaction is not fraudulent based on the consumer's transaction history and other known criteria.
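The low-value payment counters and the TRA fraud-rate bands described above can be combined into one exemption check. The following Python is an added example, not PayCEC or Mastercard code: `CardState`, `decide` and the rule that performing SCA resets the counters are assumptions made for illustration, and the thresholds are the ones stated on this page (13 bps up to €100, 6 bps up to €250, 1 bps up to €500).

```python
from dataclasses import dataclass
from decimal import Decimal

# Thresholds as stated on this page.
LVP_MAX = Decimal("30")              # low-value payment ceiling, EUR
LVP_MAX_CUMULATIVE = Decimal("100")  # total allowed since the last SCA, EUR
LVP_MAX_CONSECUTIVE = 5              # the sixth low-value payment needs SCA
# (maximum fraud rate in basis points, maximum transaction amount in EUR)
TRA_BANDS = [(Decimal("1"), Decimal("500")),
             (Decimal("6"), Decimal("250")),
             (Decimal("13"), Decimal("100"))]

@dataclass
class CardState:
    """Hypothetical per-card counters, reset whenever SCA is performed."""
    exempt_count: int = 0
    exempt_total: Decimal = Decimal("0")

def fraud_rate_bps(fraud_value, total_value):
    """Fraudulent remote card value over total remote card value, in bps."""
    return Decimal(fraud_value) / Decimal(total_value) * 10000

def tra_limit(rate_bps):
    """Largest amount the TRA exemption covers at this fraud rate (0 if none)."""
    for max_bps, max_amount in TRA_BANDS:
        if rate_bps <= max_bps:
            return max_amount
    return Decimal("0")

def decide(amount, state, rate_bps):
    """Return 'LVP', 'TRA' or 'SCA' and update the card's counters."""
    amount = Decimal(amount)
    # Assumption: the current payment counts toward the cumulative total.
    if (amount <= LVP_MAX
            and state.exempt_count < LVP_MAX_CONSECUTIVE
            and state.exempt_total + amount <= LVP_MAX_CUMULATIVE):
        state.exempt_count += 1
        state.exempt_total += amount
        return "LVP"
    if amount <= tra_limit(rate_bps):
        return "TRA"  # assumption: TRA exemptions do not touch LVP counters
    state.exempt_count, state.exempt_total = 0, Decimal("0")
    return "SCA"

if __name__ == "__main__":
    # Constructed sample: six EUR 20 payments at a 20 bps fraud rate (no TRA).
    card = CardState()
    print([decide("20", card, Decimal("20")) for _ in range(6)])
```

Because the two exemptions are evaluated independently, a low-value payment that has exhausted its counters can still pass under TRA when the fraud rate is inside a band.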
The recurring transactions exemption is available if the payee and the amount are both the same.
SCA is required, however, when making the initial recurring payment arrangement, which includes the correct setup of the amount, expiration date, and repetition frequency. When changing a recurring payment, it's also necessary. The initial agreement must be referenced in all subsequent recurring transactions.
A Cardholder can ask their Issuer to white-list a Merchant, removing the need for SCA on subsequent transactions with that Merchant. 'Trusted beneficiaries' are merchants who have been listed by Cardholders. For the construction or updating of the white list, however, SCA is always necessary.
Issuers and Access Control Server (ACS) providers play a crucial role in allowing Cardholders to easily white-list merchants when shopping.
A Cardholder, for example, might be given the option of adding a Merchant to a white list.
Secure Corporate Payments (SCP) or Business to Business (B2B) payments made through dedicated payment processes or protocols that are only available to payers who are not consumers are exempted if competent authorities are satisfied that those processes or protocols provide at least equivalent levels of security to SCA.
EMV® 3-D Secure (EMV 3DS) is a new global messaging protocol (data flow) that improves security and simplifies the user experience across all digital channels (browser-based, in-app, wallets). It enables consumers to authenticate themselves using their cards and allows for a smooth authentication journey.
Mastercard® Identity Check™ is the brand name for the EMV 3DS technical standard. It uses the EMV 3DS protocol to allow Merchants and Issuers to exchange 10X more data, including new mobile capabilities. Mastercard Identity Check helps improve digital payments security and approvals while providing Cardholders with a frictionless payment experience wherever possible.
EMV 3DS is a new industry standard and protocol that allows Merchants to send data to Issuers during a CNP transaction to help reduce CNP fraud and rectify erroneous declines while giving a better customer experience. EMV 3DS is applicable to all CNP transactions, including recurring and card-on-file transactions. EMV® 3-D Secure's rich data interchange is used to assess the risk of a transaction and adjust security measures accordingly.
The ability to exchange 10x more data than 3DS 1.0, allowing for better authentication and authorization decisions. Furthermore, they enable state-of-the-art authentication technologies, such as biometrics, for better two-factor authentication.
Improving end-to-end transaction processing time by restricting the authentication cycle to one. In addition, they use risk-based authentication or frictionless authentication to passively authenticate Cardholders.
Adapting to new payment requirements on any device, such as in-app and mobile payments. Moreover, they add new use cases, such as cards on file, wallets, and tokenization. Under the new EMV 3DS standards, customers are also no longer required to register while shopping.
Mastercard® Identity Check™ is now available.
(based on 3DS1 Standards)
Mastercard Identity Check (based on NEW EMV 3DS Standards, replaces Secure Code)
|Multiple authentication methods||Biometric-based authentication (With SMS OTP +1 factor as back-up)|
Merchants and Issuers participate in EMV® 3DS via third party service providers with Mastercard as the connecting link
With Identity Check & EMV® 3DS:
Mastercard® Identity Check™ seamlessly integrates into the transaction flow to deliver secure authentication.
Majority of transactions
Risk-Based Authentication (RBA)
Risk-Based Authentication utilizes the rich data exchange provided via EMV 3-D Secure to determine risk.
Transactions deemed low risk may be silently authenticated without unnecessary friction - while higher-risk transactions can be prompted for Cardholder authentication resulting in:
Minority of transactions
One-time Password (fallback solution)
PayCEC is a 3D payment gateway provider with a focus on online card payments. Strong Customer Authentication (SCA), sometimes known as two-factor authentication, is a requirement of the Second Payment Services Directive (PSD2). SCA Mastercard is a payment method that requires cardholders to use at least two of the three ways during the payment process for transactions made online or when a card is not physically put into a Point of Sale machine.
PayCEC is the best Mastercard payment solution for merchants & consumers worldwide with a payment gateway for Mastercard that are built on. To ease online card transactions, merchants can integrate the credit card payment gateway into their website.
PayCEC also provides a Mastercard payment gateway to online client organizations, allowing them to accept all forms of online card payment methods. To learn more, go to PayCEC's site and use the live chat feature to contact the Customer Relationship staff.
We created a payment API to assist businesses and customers in receiving the best possible experience while also protecting them from scammers.
With the PayCEC payment gateway, merchants can quickly set up their online store and begin accepting online card payments from clients. To set up your payment platform, follow the instructions below:
Prepare your company profile including:
Our Relationship Manager will contact you and support you in processing and integrating your merchant account
Use the full features of our payment service on the Dashboard
PayCEC’s SCA secure payment gateway was established in response to the growing need of global online businesses to accept SCA secure online payments more quickly and easily. In the digital era, our payment flow has evolved to work seamlessly and effectively across all platforms and devices. We pride ourselves on combining superior technology with first-class customer service.
PayCEC’s SCA secure payment gateway for online businesses is a truly global payments platform that not only allows customers to get paid instantly and securely, but also withdraws funds to their business accounts in various currencies.
We have created an open and secure payments ecosystem that entrepreneurs and businesses choose to securely transact with each other online and on any device. We proudly maintain the highest level of client advocacy in the industry.
We are honored to serve as your reliable business partner and financial service provider in the industry and other business-related services. With the help of our professional staff, we help merchants achieve their goals for the development and expansion of the international business market.
Our payment flow has developed in the e-commerce world to perform seamlessly and effectively across all platforms and devices. We take pleasure in combining technology with customer service to solve your concerns at the moment.
PayCEC is a fully worldwide payment network that not only allows merchants to be paid immediately and securely, but also allows them to withdraw money in multiple currencies to their company accounts.