Change is afoot within the world of European regulations. The planned implementation of PSD3 is putting businesses under new pressures to ensure Strong Customer Authentication (SCA), and to mitigate the worst consequences of fraud. While there’s consensus that the regulations are a step in the right direction, there’s far less general understanding about how companies can ensure they’re going to achieve compliance. As we kick off 2024, it’s high time for those businesses affected by this shift to start considering how they are going to meet these demands.

When this evaluation is undertaken, many payment service providers (PSPs) will realise that without the right approach, PSD3 could quickly add unexpected friction to the transaction processes their businesses rely on. Against this evolving landscape, businesses need to adopt more secure and efficient authentication methods from log-in to checkout to ensure they can continue to process every payment safely and smoothly. On the face of it, this might seem like a lofty goal, but by leveraging the power of continuous authentication, the task becomes far more feasible.

What’s changing?

Explaining exactly why this requires some scene setting. Let’s begin with precisely what is changing in PSD3, particularly in relation to SCA. SCA was first introduced in PSD2, and its implementation has always divided opinion. For some, the requirement has failed to provide the protection it initially purported to offer and has routinely let down businesses and individuals across the continent in the five years since its introduction. Critics point to rising fraud across Europe as evidence of this deficiency. It’s a nuanced issue, but there’s certainly a case to be made for this point of view.

Simultaneously, the requirement has faced equally vocal critique about the friction it creates within transaction processes. Perhaps most notably, in 2020, the CMSPI’s SCA Economic Impact Assessment report concluded ‘[SCA] adds significant unnecessary friction to the online commerce experience’. The same report estimated that the requirement could cost merchants more than €100bn in online sales each year. Amidst this varied feedback, the European Commission has decided to act, and clearly wants to refine how SCA works to reduce fraud without creating unnecessary friction.

It’s noteworthy that the phrase ‘SCA’ only appeared 8 times in PSD2 but is used 70 times in PSD3. This alone should highlight the enhanced importance of the requirement in this impending update. In general, PSD3 is far more interested in the objective of reducing fraud than its predecessor. Evidently, the European Commission agrees with those who feel current regulations don’t go far enough in strengthening user protection and confidence in payments. For those affected by the update, particularly PSPs, there’s now a need to assess whether existing fraud prevention and authentication solutions are up to the task at hand.

Understanding continuous authentication

It won’t take long for many businesses in the space to begin realising that many modern authentication solutions only provide the façade of protection and as such, are incompatible with the more stringent demands of PSD3. Given that under the directive, failures in compliance will result in businesses facing fraud liability, the incentive to adopt more effective authentication solutions couldn’t be greater. The incredible potential of continuous authentication is yet to receive the attention it truly deserves in solving this issue, but considering the requirements necessitated by PSD3, that will inevitably change soon.

How well do you really know your competitors?

Access the most comprehensive Company Profiles on the market, powered by GlobalData. Save hours of research. Gain competitive edge.

Company Profile – free sample

Thank you!

Your download email will arrive shortly

Not ready to buy yet? Download a free sample

We are confident about the unique quality of our Company Profiles. However, we want you to make the most beneficial decision for your business, so we offer a free sample that you can download by submitting the below form

By GlobalData
Visit our Privacy Policy for more information about our services, how we may use, process and share your personal data, including information of your rights in respect of your personal data and how you can unsubscribe from future marketing communications. Our services are intended for corporate subscribers and you warrant that the email address submitted is your corporate email address.

Unlike one-time static logins, continuous authentication solutions allow businesses to know who is behind a device, or account at any time. By analysing behavioural biometric interactions, our powerful AI reveals some of the hidden patterns in human activity and can produce continually evolving profiles for users, which are entirely unique to them. It’s a major step forward and could help companies meet the requirements of PSD3 around slashing fraud and ensuring customer protection while boosting conversions and delivering seamless customer journeys.

Rebolstering defence

This is essential because as fraudsters continually evolve their approaches, traditional, point-in-time authentication methods lack the ability to adapt. In fact, even multi-factor authentication, FaceID and fingerprint-based solutions are unable to authenticate users continuously. Despite requiring multiple checks, systems of this nature are only ever capable of identifying an individual at a particular moment in time, and, as mentioned, are often criticised for adding unnecessary friction to the transaction process, which prevents genuine customers from completing payments.

With solutions like Zally, all these concerns are effectively removed. By enriching valuable behavioural biometric data, the solution enables companies to know who is behind a device at any given time. This radical concept is flipping the entire process of authentication on its head, removing the need for traditional passwords, and facilitating smoother customer experiences. In looking to meet the demands of PSD3, PSPs and other financial institutions would be well-served to assess how this innovative approach could serve their business as it offers huge advantages over outdated, passive authentication methods.

Patrick Smith is founder and CEO at Zally