New requirements for owners of online stores for in-depth customer identification

On September 14, 2019, a new requirement for the owners of online stores has arisen regarding their e-commerce stores. The latter is dictated by the new Regulatory Technical Standards on Strong Customer Authentication under Directive (EU) 2015/2366, or so-called “Payment Services Directive (PSD2)”.

One of the main objectives of PSP2 is to improve the level of security of electronic payments and the confidence of consumers in making them. In particular, PSD2 requires owners of online stores to carry out the so-called strong customer authentication, in order to significantly reduce the risk of payment fraud levels and to protect the confidentiality of customers` relevant financial data.

Thus, owners have an obligation to implement in their e-commerce stores the so-called EMV 3D Secure (3DS), which is a messaging protocol that promotes customer authentication and enables customers to identify themselves, which in turn serves to minimize potential fraud through unauthorized online transactions. In this line of thought, simply providing a password or credit card information will in most cases no longer be sufficient to make a payment.

The customer should be identified by at least two of the following three factors:

  • Knowledge: that is something only the customer knows. Examples: a PIN or a password.
  • Inherence: finger-print, recognition of iris, face, voice, etc.
  • Possession: number sent via SMS to a customer`s mobile phone; chip card, token device.

Or put another way, if the owners of online stores do not implement 3DS in their online stores, the probability of a rejected transaction is high, which would harm customers and their desire to order, respectively, pay for an online product, which actually damages their consumer experience, and a second time to the merchant himself, as this would deter in some extent his commercial aspirations and profits.

This is why every owner of online store should take two extremely important steps to fulfill his obligations correctly and to continue his business on the Internet without any problems, namely:

  • To contact their payment service provider, which they use in their online store, to discuss and implement the so-called EMV 3D Secure in the respective e-commerce store.
  • To describe the new changes in the Terms and Conditions of the respective website, such as: when the strong customer authentication has to be applied, the identification process itself (for example, a combination of at least two independent elements, such as a physical item – a card or a mobile phone – combined with a password or a biometric feature will be used to make a payment), when the authentication is not applied (for example, for payment transactions not exceeding 60 BGN, and at the same time the cumulative amount of previous transactions since the strong customer authentication was last undertaken does not exceed 200 BGN), etc.

The new Regulatory Technical Standards on Strong Customer Authentication are binding on owners of online stores, the latter having to be responsible as online frauds with stolen, hacked and other bank cards of customers who are unaware of the crime have increased recently. Therefore, such actions by the banking sector and the owners of online stores to put in place a better system for identifying customers when making online payments are the correct and adequate response to prevent future frauds.

EACH CLIENT WILL RECEIVE A FREE E-BOOK CONTAINING ARTICLES WITH USEFUL INFORMATION ABOUT TRADEMARKS.

FOR YOUR NEXT ORDER OF ANY OF OUR SERVICES YOU WILL RECEIVE UP TO 15% DISCOUNT.