Strong Customer Authentication : Security Issues and Solution Evaluation

Abstract

In October 2015 PSD2 first adopted by the European Parliament to initiate a new method of payment system. Since then, it receives several amendment time to time. Strong Customer Authentication (SCA), one of the major requirements of PSD2 came into force from September 2019. However, European Banking Authority EBA found it is challenging to comply with this requirement fully, before the given deadline. Technical implementation challenge, complex payment systems across EU, bring-in all related actors under SCA needs to be resolved with profound solution to achieve the PSD2 success. Moreover, contradictory terms of the PSD2 with GDPR and inadequate protection for the user’s privacy prevails account access issues that can be circumvented by the payment service providers. This article investigated the pros and cons of the PSD2, finds feasible solutions for SCA that seamlessly involves all actors in payment system. Despite the fact of technical implementation details, a leading PSP’s SCA compliant solution integrated into an e-invoicing system as an specimen of an SCA compliant model. The model showcases the SCA conformity then test and verifies security of data and privacy of the user.