How to be PSD2 Compliant with Two-Factor Authentication

In our two-part blog series we answer two questions: what is PSD2, and how can you provide strong customer authentication to be PSD2 compliant?

August 07 2019

What is PSD2, again? 

Our first blog in the series helped answer the questions “What is PSD2 and What Does it Mean for You?” In 2015 the European Parliament adopted a proposal from the European Commission to replace the Payment Services Directive (PSD). The goal of the new directive is to provide improved consumer protection for online and mobile payments. 

Security in PSD2 is governed by Secure Customer Authentication (SCA) rules, which dictate that banks are required to use strong multi-factor customer authentication for electronic transactions. Secure, two-factor authentication (2FA) meets this requirement. 

What is Two-Factor Authentication (2FA)? 

Two-factor authentication is an additional security layer that protects a bank client’s sensitive data, while also preventing fraud.  

Here’s an everyday example of how 2FA helps keep accounts secure: Someone steals the login details to your Gmail account and attempts to log in. However, since they’re trying to access your account from a new device, this is identified as a potential risk.  

To prevent your account from being hijacked, Gmail sends a push notification to your registered phone number to ask if you want to authorize the login attempt from a new device. You can stop this attempt by simply pressing NO. This is how 2FA keeps accounts secure in the event of stolen data – whether it’s login credentials or credit card details.  

“How can I use 2FA to keep clients protected?” 

Infobip enables 2FA with PIN delivery or transaction approval queries over the channels your customers prefer – push messaging through your app, WhatsApp, SMS or Voice. 

Push messages offer the best user experience. They work by giving users the option to simply press YES to authorize transactions, or to copy/paste a PIN delivered over the same channel. 

If your company doesn’t have an app, WhatsApp can be used to deliver PINs to customers. Your customers may also not have internet access, or even own a smartphone – if this is the case, then SMS or Voice can be used to securely authenticate customers. 

The best way to know which channels your customers prefer is to let them choose in their preferences. By using our omnichannel platform, we give you the ability to offer your customers all the channels mentioned for secure authorization. 

“How Do I Integrate 2FA Channels?” 

Infobip offers two ways of providing 2FA: 

  1. Generate One-Time PINs (OTPs) and deliver them to your customers’ devices
  2. Use our channels to deliver OTPs generated by your system

Both options give you the ability to quickly provide strong customer authentication that is PSD2 compliant and keep customer accounts secure. 

How is Infobip PSD2 Compliant? 

The Payment Services Directive enforces Secure Customer Authentication and Dynamic Linking, which provide specific guidelines for using 2FA. Specifically, all messages that deliver OTPs or serve to confirm transactions must include the name of the recipient of funds, as well as the amount of the purchase. This was not the case prior to PSD2.

Our 2FA offers placeholders, which can be used to comply with PSD2 authentication requirements by inserting names into messages that deliver OTPs or confirm transactions.
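To make dynamic linking concrete, here is an added sketch (not Infobip code and not its API) of an OTP that is derived from the amount and payee, so the message shows both and the code stops verifying if either is changed. It goes one step beyond the text above by binding the code itself to the transaction; the template, placeholder names, function names and validity window are all assumptions.

```python
import hashlib
import hmac
import json
import secrets
import time

# Hypothetical message template; the placeholder names are assumptions.
TEMPLATE = "Code {pin} approves a payment of {amount} {currency} to {payee}."
TTL_SECONDS = 300  # assumed validity window


def derive_pin(key, amount_minor, currency, payee, nonce):
    """6-digit code bound to amount, payee and a per-challenge nonce."""
    # A JSON array gives an unambiguous encoding of the bound fields.
    data = json.dumps([amount_minor, currency, payee, nonce],
                      separators=(",", ":")).encode()
    digest = hmac.new(key, data, hashlib.sha256).digest()
    return f"{int.from_bytes(digest[:4], 'big') % 1_000_000:06d}"


def issue_challenge(key, amount_minor, currency, payee, now=None):
    """Return (state to keep server-side, message text to deliver)."""
    now = time.time() if now is None else now
    nonce = secrets.token_hex(16)
    pin = derive_pin(key, amount_minor, currency, payee, nonce)
    amount = f"{amount_minor // 100}.{amount_minor % 100:02d}"
    message = TEMPLATE.format(pin=pin, amount=amount,
                              currency=currency, payee=payee)
    return {"nonce": nonce, "expires_at": now + TTL_SECONDS}, message


def verify(key, state, pin, amount_minor, currency, payee, now=None):
    """Check the code against the transaction about to be executed."""
    now = time.time() if now is None else now
    if now > state["expires_at"]:
        return False
    expected = derive_pin(key, amount_minor, currency, payee, state["nonce"])
    # Constant-time compare; single use and attempt limits are omitted here.
    return hmac.compare_digest(expected, pin)


if __name__ == "__main__":
    demo_key = secrets.token_bytes(32)  # constructed demo key
    _, text = issue_challenge(demo_key, 12_550, "EUR", "Example Shop Ltd")
    print(text)
```

Only the nonce and expiry are stored; the PIN is recomputed from the transaction being executed, which is what makes a changed amount or payee fail.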

Find out how to get your business ready for PSD2 with our free white paper. 