A nightmare not only for consumers: credit card, personal data and payment information get into the wrong hands. Since September 2019, online store operators have been required to implement two-factor authentication as an enhanced security requirement. As part of the European Payment Service Directive (PSD2), payment transactions within the EU are to become more secure for consumers.
In Germany, BaFin is granting a transition period until March 2021 to implement two-factor authentication in the payment system. The following graduated scale applies:
This procedure should not be entirely new for consumers. Double authentication has been used in online banking for some time now. And two-factor authentication is not only the standard for payment systems.
Entering the credit card number, validity and security number is no longer sufficient when paying in online stores. Buyers must prove in at least two ways that they are the owner of a PayPal account or the credit card. If you are a webshop operator and have not yet installed this security level, you now have until March 2021 to do so.
According to Handelsverband Deutschland and a study by CMSPI, stronger customer authentication could lead to a loss of sales in e-commerce. Multiple authentication is more time-consuming and initially daunting for the customer. On the other hand, the second coronavirus lockdown, including its extension, offers consumers few alternatives to buying online. Those who need certain products must order and pay for them online. It makes sense to offer many payment options for the transition period. Purchase on account or direct debit are alternatives that enable customer-oriented payment - not everyone has a credit card!
Many online merchants delayed the adaptation to two-factor authentication. One reason is that the chosen payment service provider itself has to make improvements. By updating the payment module, two-factor authentication can be implemented quickly. The effort required on the part of the online merchant is negligible. If the necessary update has not yet been rolled out, then it may be necessary to consider another service provider. Things are trickier when it comes to individually programmed connections to payment systems on the website. Extensive programming work may be required here before all security vulnerabilities are closed. In principle, however, it can be assumed that the two-factor authentication required by the EU will not be withdrawn. So it's better to get it done now. Customers notice this, and it belongs to the finishing touches of website optimization.
Another reason why online retailers shy away from two-factor authentication is that it prolongs the purchasing process. SME online retailers are among the most popular victims of hacker attacks and should therefore pay increased attention to protecting customer data. Those who wait too long also risk losing the trust of their own target group.
According to Mastercard, the higher security standard in online retail even makes for a smoother ordering process. EMV 3D-Secure even results in low abandonment rates, below those of previous checkout processes that were unsecured or used 3D-Secure 1.
Strong Customer Authentication (SCA) includes three factors, two of which are mandatory:
To keep the checkout process from becoming unnecessarily long, the 3D Secure 2 protocol, also known as the EMV 3D-Secure security protocol, should be integrated into the online store promptly. This improves the user experience and improves the SEO service relative to e-commerce website operators. In this context, the privacy notice in the online store needs to be supplemented. The security of customer data and the customer journey must be reconciled. But successful two-factor authentication is a competitive advantage for online stores. There are further advantages for the online merchant. Two-factor authentication establishes a continuous exchange of data between the online store and the payment service provider. The number of shared data points increases, which enables better risk analysis and fraud prevention.
Author: F. Baer