Strong Customer Authentication (SCA)
With €958 million in fraud losses in 2013, CNP fraud was not only the largest category of fraud in absolute value but, unlike ATM and POS fraud, also the only one recording an increase compared with the previous year, with growth of 20.6% from 2012. (ECB: Fourth report on card fraud, July 2015)
On 12 January 2016, Directive (EU) 2015/2366 on payment services in the internal market (PSD2) entered into force in the European Union, and it will apply from 13 January 2018. Among others, the main objectives of this legal framework are stated as:
Security of electronic payments is fundamental for ensuring the protection of users and the development of a sound environment for e-commerce. All payment services offered electronically should be carried out in a secure manner, adopting technologies able to guarantee the safe authentication of the user and to reduce, to the maximum extent possible, the risk of fraud.
(Directive (EU) 2015/2366, (95))
As per Article 98 of the PSD2 the European Banking Association (EBA) was mandated to develop draft regulatory technical standards (RTS) for Strong Customer Authentication (SCA) in close cooperation with the European Central Bank (ECB) and other relevant stakeholders. Surveys and statistics show that, in terms of both transactions and value, fraud in the area of retail payments, in particular for remote (‘card not present‘, CNP) transactions8, has increased significantly in recent years.
(ECB: Fourth report on card fraud, July 2015)
Customer Verification System (CVS)
Based on 25 years of experience in banking and smartcard technology, interpreting and understanding trends within the industry, BGS was among the first solution providers to offer and market cost effective solutions that are specifically designed to establish an extra layer of trust between a bank and its clients, especially in relation to the trust in the identity of the client.
The underlying objectives in designing the solution were ease of implementation and management, requiring limited operational support and being highly adaptable to address new threats. Our Customer Verification System has been designed based on PLA2010 and CTGS2010 specifications, both integral parts of the proven EMV CAP methodology.
Our multilayer encryption methodology protects the communication between bank and customer from all kinds of threats such as fraud-after-theft, hacking, malware, Man-in-the-middle, and all known SSL weaknesses. The solution consists of an SDK that is implemented on the phone within an app, and a Enrolment- and Authentication Host, which generates and encrypts keys via a Hardware Security Module (HSM) thus ensuring the protection of any sensitive data.
The convenience of use and the various use cases made it an immediate success in our first implementation at VTB Bank, the second largest bank in Russia, with about 500,000 users enrolled to the service.
Please find an article about the installation at VTB Bank here.
For full product information about strong customer authentication please
refer to our product brochure "BGS Customer Cerification System"