We already know that PSD2 SCA mandates the use of Strong Customer Authentication (SCA) on all remote transactions that meet the specified criteria. There are also certain exemptions to this rule, which we’ve discussed at length.
This process is similar to the typical authentication process, in that the issuer is the ultimate decision-maker. While the merchant and the consumer are active participants in this process, the issuer is tasked with taking in all the data from the transaction, assessing it for potential risk and determining whether or not it should pass through authentication.
Since this is relatively basic and well-known information, you might be wondering why it’s important. In this context, it’s important because of the Visa Delegated Authentication (VDA) program.
VDA is going to flip this process on its head, by shifting responsibilities for transactions that meet the PSD2 SCA criteria. This program, much like the regular authentication process, works in conjunction with 3-D Secure, and gives issuers the ability to delegate SCA out to a separate entity, most likely a merchant.
But this separate entity can’t be just anyone. Acquirers will work with merchants to determine whether the merchant meets the necessary qualifications to be a part of this program. Additionally, during the transaction, merchants who do qualify will be required to send a flag to the issuer, which will indicate that they’ve successfully performed SCA on that specific transaction.
Merchants who wish to participate in this program also have to meet certain standards with respect to their fraud rate, not unlike the requirements for enrolling in 3-D Secure.
There’s still more we can discuss about this program, including Visa’s role, specific details and more.
But in the meantime, think about what effect this program could have on the larger digital payments space. We’d love to hear from you!