In the middle of September a new EU directive is set to come into force, which makes multiple or two-fold authentication compulsory for online retail payments.
In real terms, this means that for credit card payments the card number, expiry date and security code will no longer suffice. The retailer will also need to carry out an additional security request to add a safety factor, as explained in this detailed report on the topic published in the German daily “Welt”. Of three potential security features – something that only the customers knows, such as a password or PIN; something that only the customer has, such as a card or smartphone; something that makes the customer unique, such as a fingerprint, voice or face – two of them will be required to come into play.
Apart from payments made by credit card, the regulations may well also impact on PayPal. “Traditional” means of payment such as invoice or direct debit remain unaffected, on the other hand, as for these methods authentication takes place elsewhere in the business process. For credit card and PayPal, procedures typical in e-commerce, retailers fear a slowdown in business – partly because they have already had bad experience with comparable situations where additional loops have been added, for instance “Verified by Visa” or “Mastercard Secure Code”. Many smaller suppliers, moreover, fear falling even further behind cash-rich corporations like Amazon or Zalando (through the potential whitelisting of such corporations by the customer’s own bank).
One option for providing an additional authentication factor, in any case, is to employ good old SMS, which can be sent to every cell phone – even non-smart feature phones which cannot install authentication apps. Using Retarus’ Enterprise SMS Services, this can be achieved directly from the e-commerce backend. You can obtain more details and use cases on our website or directly from your local Retarus representative.