sk sk
Why is a strong customer identification applied by payments and what does it practically mean?
Payment services provided electronically should be provided securely using technologies capable to guarantee a secure user authentication of the user and minimizing the risk of fraud. As fraud methods are constantly changing and the volume of fraudulent transactions is constantly increasing, the requirements for strong customer authentication should allow innovation in technical solutions in response to emerging threats to the security of electronic payments. Thus, strong customer authentication of the user is applied in practice by using two or more authentication elements from the following three categories when performing electronic payment operations on the Internet: a) knowledge - e.g. password, PIN, answers to agreed control questions, b) ownership - e.g. ownership of a device (usually a mobile phone) capable of generating (e.g. via a specialized authentication application) or receiving one-time passwords (e.g. via SMS) or signatures (tokens), c) characteristics of the payment card holder (inherence) - e.g. capture of biometric data in the form of fingerprint, voice, the geometry of the client's face. The individual elements should be independent of each other and designed in such a way that the disruption of one element does not impair the reliability of the other elements. Strong authentication, therefore, means that payment service providers that allow users to carry out payment transactions on the Internet are obliged to authenticate (verify the identity of) the payment service user with each payment through at least two of the above categories. If the identity of the payment service user is not correctly verified and does not fall under any of the exceptions to the strong authentication obligation, the payment will be declined. The transition to strong authentication of payment service users has been taking effect since 14 September 2019. The NBS and other supervisory authorities in the EU have agreed that in card transactions on the Internet (e-commerce payments) the fulfilment of this obligation will be supervised and required from 1. 1. 2021.