COVID-19 UPDATE
500,000 monthly readers are maximizing their advertising conversions with conversion intelligence.
The average online user is exposed to anywhere from 6,000 to 10,000 ads every day.
Dec 31 2020
Recently, the official news from the Apple App Store mentioned information about customer authentication, and that starting December 31, 2020. EU legislation introduced strict customer authentication (SCA) requirements for users in the European Economic Area (EEA), which could affect the way they complete online purchases.
And for games and apps with in-app purchases, have their developers prepared for this in advance? The App Store and Apple Pay will then support strong customer authentication, and you'll need to verify your application’s implementation of StoreKit and Apple Pay to ensure purchases are processed correctly.
ASO World will go over the key points with you, and if your app or game includes in-app purchases, and your target market includes the EEA, you'll need to be further confirm that you're prepared accordingly.
Strong Customer Authentication is a set of rules for identity verification introduced by your bank or payment service provider to maximize the security of your funds and limit fraud. 2019 sees the introduction of a new rule in the EEA called Strong Customer Authentication (SCA), designed to further enhance payment security and limit fraud.
The settlement process for online purchases in the EEA is said to involve SCA and is expected to come into effect on December 31, 2020. For Apple App Store app developers, you need to go and pay attention to whether your in-app settlement is affected.
Strong Customer Authentication (SCA) is a new regulatory requirement out of Europe that requires payers to confirm autonomous acceptance of payments and the need to meet SCA requirements, and you need to have another identity verification built into the checkout process.
Specifics include the need for dual authentication for many online bank card payments in Europe. Without such authentication, many payments may be declined by the customer's bank. This rule is intended to reduce fraud and improve the security of online payments.
Click "Learn More" to drive your apps & games business with ASO World app promotion service now.
Traditional card payments typically involve two steps: authorization and capture. The customer's bank or card issuer decides to approve a payment, which is considered an authorization, and performs a charge-back on the card, which is considered a capture.
With SCA, an additional mandatory step is required before authorization and capture: verification. This step helps protect the customer against fraud. To validate a payment, customers need to respond to their bank's request for information and provide additional information accordingly. This could be information they know, such as a password; it could be something they use, such as a phone; alternatively, it could be a part of their body, such as a fingerprint.
One of the most common ways to verify payments is through 3DS authentication. This can be identified by its brand name, such as "Visa Secure" or "MasterCard Identity Check". A new version of this method is now available, called 3DS 2.0 Authentication, which is expected to become the standard payment verification method.
Regardless of the method you use, the customer must participate in the session and give the verification in person, that is, they must use your website or application. This step is easier to add for companies that collect payments directly from customers; it's more complicated for companies that collect payments after the customer leaves the checkout process (Sometimes referred to as "out-of-session").
The Payment Services Directive (PSD2) is an EU regulation that requires strict customer identity verification (SCA) for certain online purchases to prevent fraud. In app stores, apps that initiate certain transactions via credit or debit cards must be authenticated by a bank or payment service provider before they can be completed.
For developers with in-app purchases whose target market includes the EEA, the following points need to be addressed:
So app developers involved in-app payments need to check if your users are having trouble with the payment process, and can consider payment channel options, etc. to improve the problem accordingly.
For in-app purchases that require SCA, the system will prompt the user to verify their credit or debit card. They will jump out of the purchase process, go to their bank or payment service provider's website or app for authentication, and then be redirected to the app store.
They will see a message here informing them that the purchase has been completed. Handling this interrupted transaction is similar to a "purchase" endorsement that requires approval from a home approver, or an updated App Store terms and conditions that the user needs to agree to before completing the purchase.
Make sure your app can properly handle interrupted transactions by initializing the transaction observer to respond to new transactions and synchronize pending transactions with Apple.
The observer helps your app handle SCA transactions, and when a user exits the app, the SCA transaction can update your payment queue with a "failed" or "delayed" status. When a user is redirected to the app store for authentication, a new transaction with a status of "Purchased" is immediately delivered to the app developer and may include a new value for that transaction Identifier property. You can test broken purchase scenarios in a sandbox for a specific sandbox Apple ID.
Apple Pay includes built-in authentication and does not require additional authentication from your bank. However, to avoid payment issues when using Apple Pay, on your app, make sure you use the correct country code in your payment request and that the final amount is shown on the payment form.
The value on the country code for PK Payment Request (for the app) and Apple Pay Payment Request (for the website) should be set to the correct two-letter country code in the country where you are processing the funds. Setting the value here correctly ensures that the PSD2 compliant code is used when both the merchant country code and the user's card issuer are located within the EEA.
Show the final amount on the payment form instead of the pending amount. This will facilitate a dynamic link where the transaction amount and merchant identifier are included in the password to prove the origin and authenticity of the transaction.
Of course, you can also use other third-party collection channels, but before doing so you need to confirm that these collection service providers have opened specific payment API based on the new SCA rules that can help you cope with this change and take advantage of all possible SCA exemption opportunities.
Given that implementation is approaching, we recommend that you prepare your payment processes so that you are ready for the SCA as soon as possible.
As European banks increase their implementation of these requirements, this will help prevent an increase in drops and prevent the loss of customers during multiple parts of the certification process. The new Payment API and other solutions that support SCA is designed to take this uncertainty into account.
Get FREE Optimization Consultation
Let's Grow Your App & Get Massive Traffic!
All content, layout and frame code of all ASOWorld blog sections belong to the original content and technical team, all reproduction and references need to indicate the source and link in the obvious position, otherwise legal responsibility will be pursued.
Comments
Bob Benson
@Lee Jennings From the announcement of PSD2 SCA in 2017, we have been actively involved with industry discussions and have been influencing the direction of travel as the debate has developed.
Bob Benson
@Lee Jennings As the practical implications become clearer, we have taken the necessary steps to first ensure the 3DS 2.0 mandate is met, as well as exploring options to achieve the right balance between managing fraud risks and minimising disruption in the payment journey.
Bob Benson
@Lee Jennings Barclaycard can offer insight on the support merchants may need. We can partner with merchants on the roll out of new industry protocols, as well as continuing to help with demystifying PSD2 SCA.
Sophie Daniel
@Diane Garza The payment journey may look a little different. Authentication used to be required on an exception basis, i.e. where the risk of the transaction was regarded as ‘high’, additional authentication might have been triggered via 3D Secure as the current protocol.
Sophie Daniel
@Diane Garza This is commonly known as a "step-up". Since September 2019, additional authentication has become the default. All qualifying transactions are being “stepped up” unless an exemption applies.
Kristina Joseph
@Stacey Craig PSD2 requires the use of two independent sources of validation by selecting a combination of two out of the three categories (commonly known as two-factor authentication).
Barry Beck
@Erin Matthews From the announcement of PSD2 SCA in 2017, we have been actively involved with industry discussions and have been influencing the direction of travel as the debate has developed.
Barry Beck
@Erin Matthews As the practical implications become clearer, we have taken the necessary steps to first ensure the 3DS 2.0 mandate is met, as well as exploring options to achieve the right balance between managing fraud risks and minimising disruption in the payment journey.
Barry Beck
@Erin Matthews Barclaycard can offer insight on the support merchants may need. We can partner with merchants on the roll out of new industry protocols, as well as continuing to help with demystifying PSD2 SCA.
Rosa Robbins
@Charles Sparks You will need to activate two-factor authentication (2FA) over the next few weeks, as it will become compulsory when logging in to their Ebury Online account AND when instructing new payments. 2FA is already available to set up when logging in to Ebury Online, and will soon become a feature when making payments.
Shawna Cox
@Iris Frank The original Payment Services Directive (PSD) was created in 2007 to focus on improving payments—particularly credit transfers, direct debits and cards.
Shawna Cox
@Iris Frank As the digitization of the European economy has progressed massively over the last few years, the PSD has needed to update to include new players—such as fintechs like Ebury.
Shawna Cox
@Shawna Cox PSD2 is coming into force to make payments safer, increase client protection, foster innovation and competition, and ensure a level playing field for banks and other payment service providers alike.
Van Burke
@Terri Rice Purchases made with Apple Pay, which already meets SCA requirements, will not require additional authentication. Purchases made with mobile phone billing, other payment services, or an Apple ID balance (from gift cards or adding funds) will not require additional authentication.
Roger Watkins
@Pauline Holt SCA COMPLIANCE. PREVAILING WAGE RESOURCE BOOK. PRINCIPLES. INTRODUCTION. Service Contract Act (SCA) wage determinations set forth the prevailing wages and benefits that are to be paid to service employees working on covered contracts exceeding $2,500.
Krista Hogan
@Brian Briggs Strong Customer Authentication (SCA) is a new European regulatory requirement to reduce fraud and make online payments more secure. To accept payments and meet SCA requirements, you need to build additional authentication into your checkout flow.
Santiago Norris
@Pearl Colon The Society for Creative Anachronism (SCA) is an international non-profit volunteer educational organization. ... If it was done in the Middle Ages or Renaissance, odds are you'll find someone in the SCA interested in recreating it.
Guillermo Craig
@Lillian Moran The new EU Payments Services Directive (PSD2) took effect in January 2018, bringing in new laws aimed at enhancing consumer rights and reducing online fraud. A key element of PSD2 is the introduction of additional security authentications for online transactions over €50, known as Strong Customer Authentication (SCA).
Timmy Norris
@Rickey Holloway Strong Customer Authentication (SCA) is a requirement of PSD2*, which asks businesses to use at least two authentication elements to verify electronic payments. The point of this is to reduce fraud and make online payments more secure for you. ... This means all bank transfers and most card payments will require SCA.
Diana Stanley
@Pam Day SCA stands for Strong Customer Authentication, and it is one of the regulations under the Revised Payment Service Directive (PSD2). It states that a customer must verify their identity before payment information can be exchanged between a financial institution and a third-party provider (TPP).
Jackie Kelley
@Arturo Holt Nowadays, the usage of biometric devices such as hand scanners and retinal scanners is becoming more common in the business environment. It is the most secure method of authentication.
Beatrice Simmons
@Jerome Webster User authentication is a process that allows a device to verify the identify of someone who connects to a network resource. There are many technologies currently available to a network administrator to authenticate users. The Firebox also has its own authentication server.
Gayle Sherman
@Dora Simmons Purchases made with Apple Pay, which already meets SCA requirements, will not require additional authentication. Purchases made with mobile phone billing, other payment services, or an Apple ID balance (from gift cards or adding funds) will not require additional authentication.
Miranda Ford
@Dustin Hayes Strong Customer Authentication (SCA) works to ensure that it is genuinely you whenever you log in or authorise payments while banking online. It is designed to help keep your financial information safe and make online banking even more secure. Last updated: May 26, 2020.May 26, 2020
Earl Banks
@Amelia Cain Exemptions. Card transactions below €50 are considered low value and are generally exempt from authentication. However, if the customer initiates more than five consecutive low value payments or if the total payments value exceed €100, SCA will be required.
Howard Mills
@Shawna Hall Strong Customer Authentication Part of the Revised Payment Services Directive (PSD2) published in 2018, Strong Customer Authentication (SCA) is intended to make payments more secure, requiring online sellers to implement more stringent methods of ensuring the payments they are taking are genuine.
Kate Blair
@Jack Dawson Strong Customer Authentication (SCA) is a new European regulatory requirement to reduce fraud and make online payments more secure. To accept payments and meet SCA requirements, you need to build additional authentication into your checkout flow.
Myrtle Glover
@Priscilla Rodriguez The way your bank or payment services provider verifies your identity or validates a specific payment instruction is changing. ... The new rules, introduced in 2019, are intended to further enhance the security of payments and limit fraud. They are known as Strong Customer Authentication (SCA).
Donnie Page
@Raymond Wong 14 September 2019 Banks will need to start declining payments that require SCA and don't meet these criteria. Although the regulation was introduced on 14 September 2019, we expect these requirements to be enforced by regulators over the course of 2020 and 2021.
James Farmer
@Cecelia Perkins Strong customer authentication (SCA) is a requirement of the EU Revised Directive on Payment Services (PSD2) on payment service providers within the European Economic Area. The requirement ensures that electronic payments are performed with multi-factor authentication, to increase the security of electronic payments.
