This week, the Financial Conduct Authority (FCA) confirmed the phased roll-out of PSD2 SCA within the UK. As part of this phased approach, it is envisaged that as of March 2020, merchants will be allowed to introduce 2-Factor Authentication as an approved method to achieve SCA compliance. However, to be fully compliant, merchants must have their plans completely in place by March 2021.
The introduction of SCA by the EBA (European Banking Authority) is expected to reduce the levels of online financial fraud, which significantly impacts the global e-commerce marketplace. However, due to concerns about the ability of Issuers, Acquirers, Gateways and Merchants to deploy 2-Factor Authentication by the original 14th September 2019 deadline, the FCA has agreed to allow the use of EMVCo 3DS 2.+ (Risk Based approach) alongside one form of authentication. SMS OTP is the primary form of authentication suggested by the FCA because of its potential availability to consumers.
Is SMS OTP the Mag Stripe of the e-Commerce World?
There are meaningful concerns within the e-commerce world around the security of SMS OTP, particularly with regard to social engineering and hacking vulnerabilities. The SMS delivery mechanism – sending a message directly to a consumer’s phone – introduces a new vector that fraudsters can attack to take over individual consumers’ accounts and commit fraud.