Two-factor authentication / strong customer authentication (2FA/SCA)
Security is one of the most important factors in payment transactions, for merchants and paying customers alike. Two-factor authentication was therefore introduced to further reduce fraud and card misuse by ensuring that payments are initiated only by those who are authorized to do so. With strong customer authentication, a payment is released only if at least two factors, drawn from two different categories of the following three, can be verified:
- Possession (e.g. a credit card)
- Knowledge (e.g. a PIN)
- Inherence (e.g. a fingerprint or other biometric feature)
Traditional card payments already satisfy this requirement: when paying by card, the customer holds the card (possession) and enters the associated PIN (knowledge). In online transactions, and in distance selling in general, the second factor was largely missing until now because it caused a high abandonment rate among shoppers. With the final entry into force of PSD2 (Payment Services Directive 2) on September 14, 2019, however, 2FA also became mandatory for online payments. Because store operators and payment service providers are not yet sufficiently prepared, the regulatory authorities (including BaFin) have granted a transitional period until practicable solutions have been found.