Hi, Alberto! Can you share a bit about your professional journey in the payments industry?
As a telecommunication engineer, my first jobs were in the Telco Industry. However, at the end of this period and thanks to the introduction of the NFC technology, the Telco operators wanted to expand their business to the payment industry, and I started working on it since 2010. Thanks to the knowledge and experience that I acquired in that period in Digital Payments, I joined Mastercard 5 years ago, as Digital Payment Expert for Spain and Portugal. In the last 2 years, I have moved to the Cybersecurity field, critical for every payment solution.
Can you tell us more about your position at Mastercard?
Currently, I am responsible for the Cybersecurity & Intelligence Solutions in Mastercard for Spain & Portugal. In this role, I have to give advice and support to our customers (Issuers, Acquirers, and Merchants) in order to reduce fraud, increase the approval rate maintaining the best user experience. In that sense, I help them to integrate all the security products that Mastercard has in our portfolio. In the last year, I am also responsible for the PSD2 deployment especially regarding authentication (SCA).
How relevant for the industry is the new EMV 3DS standard, given the existing deadline for SCA implementation in Europe by the end of 2020?
It is very relevant, since EMV 3DS standard responds to all SCA requirements and, for that reason, allows merchants to be ready for the December 31st deadline of the PSD2. With digital commerce becoming the norm, and new regulatory requirements coming on board, innovative solutions are required to ensure retailers are continuing to delight customers online. With the power to exchange 10 times more data between merchants and issuers compared to the current authentication messages, including new mobile capabilities, and including all the message extensions needed to fully support all the SCA situation, EMV 3DS is the best solution to be compliant with PSD2 maintaining the best UX for the consumers.
What kind of challenges can payment stakeholders (e.g. merchants; gateways; acquirers) expect to face throughout this new standard’s implementation? Are there any extra transaction parameters to collect? What is the impact on the transaction flow?
Designed to improve the digital payments experience, EMV 3-D Secure (or EMV 3DS) will usher in a new era of safety for online transactions and will enable SCA with industry-standard supporting new technologies like biometric authentication. As explained before, the new standard could transport 10 times more information between merchants and issuers. This information will help issuers (but also merchants), in the final decision to launch a challenge to the customer or not. If I always buy in “Merchant X”, from my home (IP address), from my laptop or mobile phone, with the same browser setup in my language, and if the amount of the purchase is within an average range for me and for this merchant, maybe it’s me who is trying to make a purchase, so maybe there is no need to authenticate me.
Regarding the impact on implementation, clearly all the players involved have to make new developments to support the new standard, due to it is quite different from the previous one. However, the technical specs are available from 2018, and right now we are entering the final phase of end-to-end testing with the key players.
The EMV 3DS is focused on providing greater security, convenience, control, and flexibility, and also improved decisioning as well as whitelisting during the SCA transaction. This will end in a better and frictionless flow across the payment value chain with better user experience, particularly for the consumer. So clearly, EMV3DS could help to reduce the number of times that authentication is needed.
As of December 31, 2020’s deadline is approaching, what would be the consequences for non-compliance with the SCA mandate?
The SCA will be mandatory for all of those who want to have online/mobile transactions. Without it, it will be impossible to process the payment orders. Nevertheless, the final word is on the National authorities in every country, responsible for the compliant with PSD2. The European Banking Association and the European Commission have defined high fines to those that not follow the PSD2 regulation. It is important to say that this regulation applies only to Payment Service Providers.
In which ways can payment stakeholders accelerate the implementation time and guarantee a smoother transition to the new standard? Are there any possible shortcuts/best practices to meet the deadline?
Aiming at delivering a smoother online payment experience for consumers as this change takes effect, Mastercard rolled-out Mastercard® Identity Check™ — a next-generation authentication solution based EMV 3DS which delivers a more seamless online payment experience for consumers. With so many consumers used to one-click checkouts, this new Mastercard solution is designed to minimize disruption and unnecessary friction at the checkout. Identity Check also supports the SCA requirements of the PSD2 Directive.
In any case, developments in both sides (Acquirers / Issuers) are needed. There is no way to avoid this. However, there are plenty of providers already certified with EMVCo and with Mastercard, that can install a commercial solution tested and certified, in a short period of time. This is much faster than making all the developments needed in-house.
Thank you, Alberto.
For more information you can check our latest article The 3DS V2.2.0 Transition.
At Switch, we have a new 3DS Server to help you handle the shift. This means we will be able to handle your transactions through the new 3DS V2.2.0 as this becomes our new standard. E-mail us at email@example.com