From 14 Sep 2019, electronic payment transactions must be carried out with strong authentication or under the application of an exemption (Regulation (EU) 2018/389).
It is necessary to use two or more items categorised as 'knowledge' (something only the user knows), 'possession' (something only the user possesses) and 'inheritance' (something that the user is). Combining the card number with the CCV and the expiry date of the card cannot be deemed a reliable knowledge or possession element.
Payment service providers and the retail trade are working on an action plan for the full adoption of the strong authentication factors in a term of under 14 months, starting from September 2019, as a measure to minimise the potential impact of this situation, without compromising payment security.
Deploying the technology solutions that will enable the right balance between security in remote card payments (strong authentication) and the need for user-friendliness and accessibility of payments (exemptions) in the area of e-commerce.
Adapting the time periods needed by the various stakeholders, including businesses, to adapt their platforms to suit the new requirements with a minimum impact on the user experience.
This will enable these payments to continue to be made in an e-commerce environment where the level of security is very high, as shown by the fraud ratios.