Online Payment Regulations Raise Call for Multi-Factor Authentication

Online payment systems have been undergoing some major changes recently, with new regulations from the EU pushing for the consistent application of two-factor authentication. As part of the Payment Services Directive 2 (PSD2), this change aims to modernize payment services by increasing user confidence and safety standards. Though full implementation could be a few months off, this change is the latest in a long line to help standardize online safety features, which security experts have enthusiastically praised. These changes are extensive and impactful, so, to help you, here is a guide to the main factors. 

PSD2 Specifics

Built from the foundations of the 2005 PSD directive, the new PSD2 officially came into operation in 2018 alongside the rollout of GDPR. Though the definitions and rules for the new system were simple on the surface, the actual implementation was problematic. This is particularly the case for Strong Customer Authentication, or the area relating to multi-factor authentication. Complications in rollout then led to an extension until December 2020, which was then extended to a final date of September 14th, 2021. As detailed in this PSD2 guide, the components of this new ruleset applied to three different systems. These were stronger two-factor security, reduced exclusivity of data for banks, and better rights for the customer. Together, these aimed to streamline some aspects of online payment, while ensuring the best possible modern security features were implemented.


GDPR green” (CC BY 2.0) by Infosec Images

Differences to the User

Like many changes to wide-reaching security regulations in the last few years, many of the broader changes from PSD2 won’t be noticeable to the user. The big exception here comes from the increased availability of two-factor authentication systems. Since these are overwhelmingly accepted as the safest and most reliable security systems for average users, this should be a very positive thing. Of course, taking advantage of this better security means users will have to manage a two-factor device. For those unaware, this usually means adopting a mobile app like Google’s authenticator which can tie into various online services. When implemented properly, two-factor should just mean an extra step of tying mobile confirmation of purchases made on other systems or websites back to a user’s confirmed device.

A Safer System

Though the changes experienced by the end-user should be small, the effect that they could have on safety is likely to be profound. With fewer avenues from which hackers can attack, online financial safety should be much higher, especially if combined with other diligent practices like regular malware scans. Indirectly, the increased confidence afforded by this change should also pay off for online businesses. With fewer risks of payment data interception, it should be much easier for businesses to build trust. Since online ordering has already surpassed traditional methods in many ways, this last move could represent another significant step up on the path to digital payment supremacy.

Online Shopping Security

Online Shopping Security” (CC BY-SA 2.0) by perspec_photo88

With not long left until the deadline of PSD2 integration, we should soon be entering an age of safer online payments for everyone. In the never-ending tug of war between hackers and security experts, the new PSD2 changes will be another way to fight online theft. Though this development will have to be tempered by other evolving security technologies, the coming environment developed by these systems should be safer than ever.