PSD2 is the acronym in English that usually refers to the second directive of community payment services, reports the Spanish Banking Association, AEB.
The PSD2, applicable since 2018, aims to promote transparency, innovation and greater security in payment services: in addition to introducing new payment services, it establishes additional security requirements in electronic payment transactions and access to The accounts through the internet.
New security measures
On September 14, the applicable technical regulations regarding security will come into force, – Delegated Regulation (EU) 2018/389 of the Commission (known as RTS in SCA & CSC) – which establishes the obligations of enhanced authentication.
As of this date, electronic payment transactions must be made with enhanced authentication unless any exemption may apply.
Its application will involve some changes in the payment experience in customers, not only in electronic banking and banking applications for mobile devices, but also in card payments, both for electronic commerce and for in-person commerce.
What is enhanced authentication?
Enhanced client authentication is a procedure to verify the identity of the client in the electronic environment. In accordance with the new regulations, this identification must include two or more authentication factors of the following categories:
- Possession (something only the user owns)
- Inherence (something that is the user)
- Knowledge (something only the user knows)
What does the enhanced authentication application imply?
In practice, electronic payments already have high levels of security, however, the application of the new regulations requires that sometimes additional elements of authentication must be introduced in payments for which until now they were not required.
As an example, in addition to the usual codes (something that the user knows) they can send a code to a device (something that the user owns), or they can enter biometric factors (something that the user is).
Each bank, individually, will communicate to its customers how enhanced authentication will affect banking operations. In this sense, the banks work so that the incorporation of the reinforced authentication in this operation is done by adopting an adequate balance between security and the needs of ease of use and accessibility of electronic payments.
Basic internet security tips
The additional requirements will reinforce security in electronic operations, however, it is worth remembering some basic advice for users of banking services when operating in a conscious and responsible manner:
- Verify that the keys are entered in the electronic banking or mobile application of the bank and not in portals or fraudulent applications.
- The bank will never ask for information about codes and security elements to operate on remote channels either by phone or by email.
- Do not share passwords for access to electronic banking, mobile banking or card passwords with anyone.
- Be cautious and never install programs that are received by email but only official websites.
- Do not enter private data in public Wi-Fi networks.
If in doubt, contact the bank.