What are Strong Customer Authentication regulations and how will they impact school payments?

Amy Underdown - 21 August, 2019

School payments happen every day: parents pay for school lunches, clubs and trips all the time. Studies have shown that the number of cashless transactions is constantly increasing, with more and more of these parents choosing to use online payments to purchase goods and services from schools.

It’s not a secret that online payments are susceptible to fraud (we’ve all heard stories about stolen credit cards and phishing sites that steal your details), so making online payments as safe as possible is a challenge for organisations all around the globe. As they became more aware of these risks, governments and financial authorities decided to take action by making payments more secure and protecting consumers when they pay online. They introduced the Payment Services Directive (PSD) in 2007 to regulate online payments in the EU and EEA, and in 2015 the updated directive, the second Payment Services Directive (PSD2), was released. This introduced even more regulations, including Strong Customer Authentication (SCA).

What are Strong Customer Authentication regulations?

It was initially put forward that new requirements for authenticating online payments would be introduced in Europe on 14th September 2019 as part of PSD2. When you make an online payment, SCA requires you to use at least two of the following three elements:

  • Something the payer knows (e.g. password or PIN)
  • Something the payer has (e.g. mobile phone or hardware token)
  • Something the payer is (e.g. fingerprint or face recognition)

Update: UK Finance are now recommending an 18-month delay to the introduction of Strong Customer Authentication rules in the UK to give companies more time to prepare. While this might mean that SCA regulations are postponed, there is no guarantee, which is why we have made sure we are compliant. Arbor is set up for all eventualities so that your school won’t face any problems now, or in the future. Our updates to your system also mean that school payments will be protected from fraudulent transactions, which is an added bonus!

From when SCA comes into action, banks will decline payments that require SCA and that don’t meet these authentication criteria (if you would like to read the original SCA requirements, they’re set out in this Regulatory Technical Standards document). These regulations will apply to British banks as well, as they are not dependent on any Brexit decisions.

Authentication is typically added in as an extra step after checkout, where the cardholder is prompted by their bank to provide additional information to complete a payment (this could be a code sent to their phone or fingerprint authentication through their mobile banking app).

Under this new regulation, specific types of low-risk payments may be exempt from Strong Customer Authentication. Payment providers will be able to request these exemptions when processing a payment. The cardholder’s bank will then receive the request, assess the risk level of the transaction, and ultimately decide whether to approve the exemption or whether authentication is still necessary. Usually, transactions lower than £30 will be considered as low-risk and, in most cases, will not require any authentication.

How will this impact school payments?

SCA regulations will introduce small changes to the way people make card payments to school:

  • Initiating the payment: when the payer decides what they want to pay for (e.g. a school trip) and starts making the payment, they will be prompted to fill in their card details and to then initiate the payment.

Image 1: A screenshot showing you how to enter your card details into Arbor

  • Triggering dynamic authentication: it will be automatically detected whether authentication is needed for the payment to take place. If required, the payer will be prompted to authenticate the payment using an SMS code, bank mobile app or other element, depending on what their bank supports.

  • Completing the payment: Once the payer’s identity is successfully confirmed, the payment will be completed and their card will be charged. 

Image 2: A screenshot showing a successful payment in Arbor

At Arbor, we’ve introduced changes to the way we process card payments to become 100% compliant with the new regulations, which means your school won’t face any problems when Strong Customer Authentication comes into practice. You also won’t need to make any changes if you use the card payment functionality in Arbor – we’ve taken care of all that for you already! 

If you’d like to find out more about how our simple, smart cloud-based MIS could help you transform the way your school handles payments, contact us. You can also book a demo by calling 0207 043 0470 or email tellmemore@arbor-education.com.