
E-commerce purchase on mobile device with Credit/Debit/Prepaid card:

Strong Customer Authentication with biometrics in mobile banking app


Authentication flow

Risk Evaluation

Under PSD2 (SCA), before requesting authorisation, the Merchant is required to provide EMV® 3DS data to the card Issuer (Bank) via the Acquirer/PSP for authentication purposes.

The Bank (or ACS operator) performs required Risk Based Authentication on the Merchant’s and its own data. The RBA score determines if the Consumer is required to perform an additional step to complete the transaction.

Authentication

In this example, the ‘step up’ is required and the Consumer’s Bank sends a push notification to the Consumer’s mobile device with a link to the mobile banking app.

The Consumer authenticates into the mobile banking app using biometrics, e.g. fingerprint, iris scan, face recognition.

Authorisation

The Bank (or ACS operator) replies to Merchant via EMV® 3DS with confirmation that cardholder authentication was successful.

The Merchant sends authorisation request including authentication code returned by EMV® 3DS. By approving such requests, the Bank accepts transaction liability*.

Purchase completed!

©2019 Mastercard. Proprietary and Confidential.

ACS = Access Control Server, PSP = Payment Service Provider, OTP = One Time Passcode, RBA = Risk Based Authentication, SCA = Strong Customer Authentication, PSD2 = 2nd Payment Service Directive
* for fraud-related chargebacks
E-commerce purchase on mobile device or desktop with Credit/Debit/Prepaid card:
Strong Customer Authentication with SMS OTP with ‘knowledge-based’ question or PIN/password
Authentication flow

Risk Evaluation

Under PSD2 (SCA), before requesting authorisation, the Merchant is required to provide EMV® 3DS data to the card Issuer (Bank) via the Acquirer/PSP for authentication purposes.

The Bank (or ACS operator) performs required Risk Based Authentication on the Merchant’s and its own data. The RBA score determines if the Consumer is required to perform an additional step to complete the transaction.

Authentication

In this example, the ‘step up’ is required and the Consumer’s Bank sends an OTP via SMS to the Consumer’s registered mobile number.

The Consumer authenticates by typing the OTP into the Mastercard Identity Check box; he/she also provides a PIN/password or response to a security question.

Authorisation

The Bank (or ACS operator) replies to Merchant via EMV® 3DS with confirmation that cardholder authentication was successful.

The Merchant sends authorisation request including authentication code returned by EMV® 3DS. By approving such requests, the Bank accepts transaction liability*.

Purchase completed!

E-commerce purchase on desktop with Credit/Debit/Prepaid card:
Strong Customer Authentication through a card reader with OTP-generator
Authentication flow

Risk Evaluation

Under PSD2 (SCA), before requesting authorisation, the Merchant is required to provide EMV® 3DS data to the card Issuer (Bank) via the Acquirer/PSP for authentication purposes.

The Bank (or ACS operator) performs required Risk Based Authentication on the Merchant’s and its own data. The RBA score determines if the Consumer is required to perform an additional step to complete the transaction.

Authentication

In this example, the ‘step up’ is required and the Bank’s ACS uses the Mastercard Identity Check box for the request to enter the payment card into the card reader to generate the OTP.

The Consumer authenticates by inserting his/her card in the card reader and entering the PIN: this generates an OTP which the Cardholder enters into the Mastercard Identity Check box.

Authorisation

The Bank (or ACS operator) replies to Merchant via EMV® 3DS with confirmation that cardholder authentication was successful.

The Merchant sends authorisation request including authentication code returned by EMV® 3DS. By approving such requests, the Bank accepts transaction liability*.

Purchase completed!
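
Added example (not part of the Mastercard document): a simplified Python model of the three phases in the flows above, showing why the Bank should approve only when the authentication code matches the exact transaction it was issued for. The HMAC is a stand-in for the real EMV 3DS authentication code, and the key, threshold, field names, method names and their mapping to factor categories are all assumptions made for illustration.

```python
import hashlib
import hmac

# Assumed mapping of the three step-up methods above to PSD2 factor categories.
METHOD_FACTORS = {
    "app_push_biometric": {"possession", "inherence"},
    "sms_otp_plus_password": {"possession", "knowledge"},
    "card_reader_otp_with_pin": {"possession", "knowledge"},
}
ISSUER_KEY = b"constructed-demo-key"  # constructed; real issuer keys stay in an HSM
RBA_THRESHOLD = 70                    # hypothetical cut-off; the page gives no value
SAMPLE_TXN = {"pan": "0000000000000000", "amount": 4999,   # constructed sample
              "currency": "EUR", "merchant_id": "M-EXAMPLE"}


def _auth_code(txn):
    """Stand-in authentication code: HMAC over the fields it must bind."""
    msg = "|".join(str(txn[k]) for k in ("pan", "amount", "currency", "merchant_id"))
    return hmac.new(ISSUER_KEY, msg.encode(), hashlib.sha256).hexdigest()


def acs_authenticate(txn, rba_score, method=None, method_passed=False):
    """Risk evaluation + authentication: return an auth code, or None on failure."""
    if rba_score >= RBA_THRESHOLD:                  # RBA score demands a step-up
        factors = METHOD_FACTORS.get(method, set())
        if len(factors) < 2 or not method_passed:   # SCA: two distinct categories
            return None
    return _auth_code(txn)                          # low risk or step-up passed


def issuer_authorise(auth_request):
    """Authorisation: approve only if the code matches this exact transaction."""
    supplied = auth_request.get("auth_code") or ""
    return hmac.compare_digest(supplied, _auth_code(auth_request))


if __name__ == "__main__":
    code = acs_authenticate(SAMPLE_TXN, 85, "app_push_biometric", True)
    print("step-up passed, approved:",
          issuer_authorise({**SAMPLE_TXN, "auth_code": code}))
    print("amount altered after authentication, approved:",
          issuer_authorise({**SAMPLE_TXN, "amount": 99999, "auth_code": code}))
    print("no authentication code, approved:", issuer_authorise(dict(SAMPLE_TXN)))
```
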

