The procedure may not make sense to others, but it makes perfect sense to professionals. Under the existing system, the issuing bank is the party that is held accountable and liable for the transaction. In addition, under the PSD2 rule for Strong Customer Authentication (SCA), the financial institution is required to confirm the identity of the customer who initiated the transaction.
Customers, on the other hand, may find the whole process quite befuddling and have no choice but to blindly trust the handoff between the merchant and the issuer. When you hit the “Pay now” option, you are taken out of the user-friendly shopping environment and into the mobile banking application. This change in channel puts the meticulously managed customer journey in danger of being disrupted and exposes the consumer to the possibility of man-in-the-middle attacks. In the end, the quality of the client experience is determined by the issuer’s ability to deploy the solution successfully, and the retailer has no control over this aspect of the transaction.
The online payment process is open to improvement, and the instruments to make the necessary adjustments are available. Recently, to comply with the PSD2 regulation, credit card schemes enhanced the authentication procedure known as 3-D Secure. At the same time, they introduced an ingenious new feature called Delegated Authentication. Delegated authentication means that the merchant sends the outcome of the authentication to the issuer by way of the 3-D Secure server. In principle, it removes the need for authentication on the part of the issuer, which eliminates at least one stage of authentication and makes the purchasing process easier.
From the issuer’s standpoint, however, authentication is a key component of risk reduction. An issuer relies on SCA solutions to verify clients and give their transactions the go-ahead. These solutions must adhere to stringent guidelines: the SCA solution is certified to comply with PSD2, making it possible to conduct online and offline authentication, and both internal and external security specialists test it on a regular basis.
For Delegated Authentication to function properly, the merchant must implement a trusted banking-grade SCA solution. Delegated authentication can only ease the interaction between the merchant and the issuer if trust has been established. Once trust is built, a contractual framework supplied by the schemes eliminates the need for a one-on-one agreement between the merchant and the issuer, and the transfer of obligation is managed properly.
Below is an infographic from LoginID entitled “How Delegated Authentication and Payment Authentication work with PSD2.”