authenticate payments, Cyber Security, Daily news, E-Commerce, Fraud & Security, GDPR, Identity, Mobile payments, PSD2, PSD2 Strong Customer Authentication, Regulation, Risk & Compliance, strong customer authentication -

PSD2 Strong Customer Authentication – What do consumers think?

Payment Service Providers are pushing to implement their PSD2 Strong Customer Authentication (SCA) solutions ready for the September deadline. But of course it’s not just them that will be affected – it’s also their customers.

Customer experience rather than mere compliance could be the true battleground for PSD2, those PSPs that get it right will have happier customers, better Net Promoter Scores and ultimately will attract and keep more customers – according to a FICO Survey.

It is vital that PSPs realise their customers’ understanding of the changes that will happen and their views on how Strong Customer Authentication should happen. To inform this conversation FICO carried out a survey across 4 countries (the UK, Sweden, Germany and Spain), in each country 500 adults were surveyed.

Do Consumers Know About PSD2?

Those in the payments industry have been aware of and involved in PSD2 projects for several years, so it can be easy to forget that education of the public has not been prevalent.  In this survey, it was not expected that people would recognise the term ‘PSD2’, so it asked if they were aware that new legislation to tackle fraud meant that they were likely to encounter additional security checks when they make remote payments or use online banking.

The good news is that in every country surveyed most people say they do know at least something about the changes. However, a significant minority were completely unaware that they could expect to see more demands for authentication.


This is important, as when customers are not expecting change and don’t understand the reasons for it, they are likely to be more resistant to it and dissatisfied by it. To counter this, banks that implement Strong Customer Authentication will take the time and effort to educate their customers about the upcoming changes and the reasons for them.

Customers Don’t See the Need for More Checks

Across all countries surveyed, most respondents think there are already enough security checks – or even too many checks. This applied for both card payments and for push payments from their bank accounts.


This is important, as customers who think there are already enough checks are unlikely to welcome more. PSPs must gain in-depth understanding of where their customers think there are already enough or too many checks. In those instances where PSD2 will increase authentication requirements and customers already think there are enough security checks, they should look to implement low-friction methods.

Pushing a Specific Authentication Method Will Cause Issues

As this article in a The Guardian  shows, being too prescriptive as to how your customers can authenticate with you is likely to backfire. In the case reported, it led to a dissatisfied customer as well as negative publicity and reputational damage. This attitude was also reflected in the  survey: a significant number of customers would not be happy if they were pushed to provide a mobile phone number in order to authenticate payments.


While it is true that the majority would comply in providing their mobile phone, those that choose a different course of action could have a considerable negative impact on the business. A successful SCA strategy should allow customers choice whenever possible and shouldn’t deprive them of service if they are unable or unwilling to adopt a particular method.

There Are Many Impediments to Authentication

Offering customers a wide choice of authentication methods is a good place to start in building a customer-centric SCA strategy, but a need to orchestrate authentication methods is also needed.

The success of an authentication is dependent on multiple factors, which can change dependent on circumstances. Our survey showed that customers had concerns about many factors that could get in the way of a successful authentication and prevent them from completing transactions.

To demonstrate this, the survey asked consumers which factors they felt would be an impediment if they needed to receive a passcode to a mobile phone when making an online payment. Answers included:

  • It isn’t a secure or intelligent way for banks to contact me
  • Not sure if a passcode would come to me
  • It would be too complicated
  • Other people can access my mobile phone
  • My disability means I can’t use a phone this way
  • I might run out of battery
  • I might not have my phone with me
  • I wouldn’t trust a passcode sent this way
  • There’s poor mobile coverage where I live or work

Many of these factors are not static – for example availability of mobile signal depends on location and network outage. PSPs should be responsive to prevalent conditions and customer preferences and deploy solutions that can dynamically respond, to make sure that no transaction is left without a suitable route to authentication.

Key facts from the survey:

Secure Customer Authentication survey

The post PSD2 Strong Customer Authentication – What do consumers think? appeared first on Payments Cards & Mobile.