Get ready for Strong Customer Authentication
The payments industry is constantly evolving, sometimes to add a more convenient way of paying and sometimes to make payments safer.
On 14th September 2019, the second iteration of the Payment Services Directive (PSD2) will come into force. The most important new feature of this EU legislation is increased security of payments using Strong Customer Authentication (SCA). SCA will involve the use of dynamic passwords, biometrics (e.g. fingerprints, iris or voice recognition) and increased controls on how contactless card transactions are managed. You may have already seen a few of these measures being introduced by some of your other providers.
Strong Customer Authentication (SCA)
SCA will help you by reducing the risk of fraud in electronic transactions and enhancing the protection of your data. This will apply to online payments, where users will be asked to enter one-time passwords (OTP) or to approve transactions in an app.
How will it work?
SCA uses 2 out of the 3 security elements (factors) detailed below whenever you need to be authenticated. These ‘factors’ include:
- Knowledge - something only you know (password, PIN etc.)
- Possession - something only you have (your mobile etc.)
- Inherence - something only you are (fingerprint, face recognition etc.)
When you make a contactless payment using your Ring, in some cases we’ll send a notification to your registered mobile number (something you have).
What do I need to do?
You will need to make sure you have access to the McLEAR Mobile app when using the Ring and that your mobile can accept notifications and authenticate yourself using your password, authentication code (something you know) or finger print/facial recognition (something you are).
When will I be authenticated?
SCA will be required prior to the moment your total spend of contactless transactions exceeds the equivalent of €150 (e.g. 5 transactions of €30 each) since the last SCA event (i.e. the last time you logged into your McLEAR App).
How will I know when I need to authenticate?
We will send you a Notification for every transaction between approximately £70 and £100. These Notifications will alert you that you're nearing the £100 authentication amount. You can authenticate yourself at any point, but if you do not and you reach £100 your ring will become blocked until you do. You will need to enable Notifications in order to receive them.
What will happen if I don’t authenticate?
If you don’t or can’t authenticate prior to the threshold being reached, the system will not be able to process your contactless transactions and you may be Declined at a point of sale. This is to protect you in the event that you are unaware your Ring is lost or stolen.
PSD2 is an EU directive that will be applicable in all EU member states. However, it is being introduced in the UK and will go ahead whatever the outcome of the BREXIT process.