On September 14, Strong Customer Authentication comes into force as part of the EU Payment Services Directive (PSD2). For customers, this means that payment will be even more secure. If they want to pay online, they will have to authenticate their payment using two different factors. These could be, for example, a password, a transaction authentication number (TAN), or their own fingerprint. This will also change the payment process for Zalando customers, especially for credit card payments. We have extensively tested the process and are one of the first e-commerce companies to introduce it.
In our video, we show the new, two-step payment process with the example of a credit card payment from the shopping basket to the conclusion of the purchase. Currently, our customers use their credit card number, expiration date and Card Verification Value (CVV) to verify the possession of that credit card. Many new features have been introduced including fingerprinting as an additional biometric authentication factor (see infobox).
After our customers have decided on a payment method and stored the corresponding information, the data is encrypted and transmitted to our customer's bank. This secure data transfer is made possible by the technology provided by the Adyen payment platform. In our video example, the customer installed her bank app on her smartphone. The bank sends her a notification about the additional authentication of the payment. By clicking on the message, the customer arrives at her bank app and is asked to confirm the payment with her fingerprint. After successful verification, she is automatically redirected back to Zalando’s checkout process. The order is now successfully completed.
PSD2 in a nutshell
The EU Directive PSD2 applies to all digital payment methods. The look and feel of the authentication experience for the individual customer is determined by the respective bank. According to the new directive, three groups of factors are used for authentication. These are:
Knowledge (e.g. password),
Possession (e.g. a smartphone, a one-time password) and
Inherence (e.g. fingerprint).
For each payment, two factors from different groups must be acquired. Two-factor verification helps customers make their online purchases even more secure.