We developed a white paper to address online authentication issues and recommendations on when/how to use Strong Customer Authentication (SCA).
The paper aimed at drawing the attention of both the payment industry and the regulators and at influencing the EBA Regulatory Technical Standards (RTS) issued in 2015 which mandated SCA to authorize all transactions with value above € 10.
We put forward our insights to the European Banking Association (EBA) and the European Commission whom seemed to accept most of our suggestions, including the principle of allowing a PSP to apply Transaction Risk Analysis techniques only when able to maintain a fraud rate lower than a mandated level (techological neutrality). This offer high consumer protection as the legislator imposes a fraud rate and not a technique aimed at maintaining low levels of fraud.
The paper played a key role in influencing decisions of the EU commission and EBA on SCA: the final draft of the EBA’s Regulatory Technical Standards embrace several recommendations outlined in our paper – including link between risk-based authentication and fraud rate aimed at appropriate exemption rules (art. 16 of the RTS (pg. 24-26)).
The paper was endorsed by five leading e-commerce associations.
We presented the paper at Visa-sponsored event in Brussels with the participation of a number of executives from the European Commission.