Although the European Banking Authority’s Revised Payment Services Directive (PSD2) already applies as of 13 January 2018, organizations still have until April of next year to become compliant with the regulatory technical standards for strong customer authentication (SCA). It’s not too late to make the most of the opportunity that PSD2 offers, especially if you start planning immediately.
Related resource: PSD2: Turning a compliance challenge into business success.
Every organization has its own unique IT environment, but there are a few guiding principles that apply across the board. Follow these rules to ensure a successful SCA implementation.
Do:
Define a clear project scope
Before you begin your SCA implementation, you need to define its scope – not only in terms of deliverables, but also the process itself (e.g. a PRINCE2 or Agile approach). The more detail you can define early on, the smoother your implementation will run.
Clarify the requirements for your organization
All key stakeholders need to be aware of the SCA requirements your organization needs to meet. Narrowly defining these requirements will also make it easier to select a technology vendor.
Find the right implementation partner
The right partner’s technology should enable you to meet all your immediate requirements, including state-of-the-art SCA, but should also future-proof your organization against regulatory roadblocks further along the line.
Don’t:
Don’t neglect the fine print
The devil is in the detail, and from my experience no two authentication implementations are the same. Various factors need to be taken into account, such as your organization’s specific internal processes and your region’s local regulation guidelines.
Don’t waste time
Given the current PSD2 timeline, a custom-made solution is no longer an option. However, your technology partner may be able to offer you an off-the-shelf SCA compliance product that is quick to integrate but doesn’t skimp on performance.
Time is running out for compliance with PSD2, but with the right implementation partner, you can meet its deadline and all your regulatory requirements.
Entersekt's Strong Customer Authentication solution is also PSD2 compliant. Read more about our technology here.