Crunch time: getting ready for new strong authentication requirements

By Michael Sass,  Vice President Product Management Security Solutions at Mastercard

For the past few months, the pandemic has captured the world’s attention like few issues before. Health and safety became, and still are, top of mind.

As what felt like the world hitting the “PAUSE” button, projects and initiative that were considered “urgent” up until then came to an abrupt halt. It is only within the last few weeks that people and businesses have begun to resume a new normal way of life.

At the same time, some deadlines continued to approach fast regardless of the new situation businesses found themselves in. If you are in the payments industry, one of the big issues in Europe over the past years has been the introduction of so-called Strong Customer Authentication requirements for electronic payments. The idea behind these new regulatory requirements introduced by the EU, is to make electronic payments safer and to ensure that whoever makes an electronic payment is who they say they are.

This requires a huge effort from all parties in the ecosystem, including retailers and other businesses to ensure that all systems are ready. It is something that industry players have been working on for the past two years. Understandably, however, retailers have had their minds on other things over the past few months. (Economic) survival had to take priority.

If there is one trend that lockdown has amplified, it is the massive shift to digital, specifically digital commerce. People turned to e- and m-commerce in proportions never seen before and this trend is likely to continue post-Covid. This is due to the evolving technology and our – the consumer’s – equally evolving habits and expectations. But with greater digital reliance comes the need to have the proper guardrails to ensure that the how everyone transacts online is secure and interoperable.

The new security – or authentication - requirements will become mandatory at the end of this year. This means that any transaction that is not complying with the new requirements will have to be declined. Not only will this lead to a bad consumer experience and result in a significant amount of lost sales. If not addressed properly, it will also tarnish any retailer’s reputation and ultimately drive previously returning customers away.

Therefore, it is imperative that businesses are ready and take all the necessary measures ahead of the deadline to avoid a bad shopping experience. In anticipation, Mastercard has been working to make sure that we are delivering for our retail customers and ensuring that the entire ecosystem is ready. Last month, we launched a new test platform to help online businesses in particular, test their readiness for the new regulatory and technical authentication requirements and address any issues. Mastercard encourages all retailers to make use of that platform[1]. Only by acting now and focusing on the technical implementation of the new requirements can retailers and businesses enter the festive season with the peace of mind that, come 1 January, their customers will continue to be able to shop with them without any unpleasant surprises.

Even with the surge in online transactions, in-person payments are not going anywhere. We’re seeing a shift to frictionless commerce, as the way we pay and get paid differs across various retail environments. Biometrics will also be blended into transactions and interactions as the need to identify and authenticate oneself both online and in-person becomes ever more critical.

What is key to all of this is our commitment to provide all stakeholders the most efficient, safe, and simple payment experience. This begins the moment a consumer starts browsing to once they’ve made the purchase.


[1] For further information and get the process started, please visit: https://3dss.netcetera.com/mastercard-psd2-testing/