EU believes they are working to break DOWN online barriers

EU believes they are working to break DOWN online barriers
Thursday, July 25, 2019

EU believes they are working to break DOWN online barriers that prevent people from enjoying full access to goods and services...
..Unfortunately, they are CREATING barriers!


Take Free Speach. When laws come out that make it illegal to repeat, post or share the horrors of a terrorist group..
..When laws prevent you from criticizing a religion..
..Have barriers been reduced or Created?

A Eutopian on and offline experience seems to be the desire.
..Sheild people from understanding the horrors of a terrorist group.
..Sheild people from speaking against the government or a person.
...Online Eutopia!

In the past year, folks have begun to realize that they are now living in this type of world, in EU, Now... and it is only getting Worse!

Eutopian Approach to eCommerce is now spreading.
..The idea is, by implementing a newer and higher rule for how persons pay for items online, fraud will be decreased.
...That's nice, but what is really happening?

Take for instance, Authorize.net, a big player in the merchant processing industry, which vertually every bank has an API to use their gateway.  
Authorize.net recently provided this response, to a client in EU.. Read it Carefully..

"On 14 September, 2019, PSD2 (the Second Payments System Directive) becomes a regulatory requirement for all businesses accepting digital card payments in Europe or from European customers. The directive requires Strong Customer Authentication (SCA), which is a method of verifying the identity of a card user by requiring two different forms of authentication to accompany the transaction. The most common way of performing SCA is by using an authentication tool called 3-D Secure (3DS), which the card schemes currently use to verify online transactions."

"Authorize.Net does not currently support 3-D Secure or any form of SCA. To accept payments in Europe or from European customers, we would recommend setting up an account with CyberSource."

"Unfortunately CyberSource has a minimum threshold of 10,000 transactions per month in order to be on boarded, so we cannot onboard you as a merchant."

Ok, so they are turning business away, and suggesting folks to go to CyberSource, having a min 10k threshold.
Granted, $10k in sales in minimal, but for a start up, that is scary.  Further, the rates you are forced into are huge.

Think about it. The available processors dropped to only a few.

MERCHANT MINIMUMS
With limited competition, the remaining players can set high standards, such as $10k or more, or you can not start a business!

MERCHANT COSTS
Limited Competition, they can charge what ever they like in processing and transactional fees!

HIGH RISK BUSINESSES
Worse, if you are deemed an MLM, Direct Selling, Party Plan, Nutritional, Adult Toys, or other 'High Risk' business, you already had a slim number of processors to take your business. Now, even the largest merchant processors have closed shop!
..Thus if anyone takes you, they can really charge high fees!

PROGRAMMING
Ok, so let's say navigate the guantlet and get approved! WooHoo!
Wait how does this work for a Customer?
How does my website get programmed for this?
..That's right, the EU lawmakers simply 'expect' that you can absorb the programming for this new type of integration!
..Of course, you push back on your website folks/programmers, as if they are expected to do it!
....Ultimately, YOU will pay for it, or it will not get done.

How did this come to be?
May 2019, "The EU has today made public its text proposal on future rules and obligations on e-commerce as part of WTO negotiations on e-commerce endorsed by Ministers in the margins of the Davos World Economic Forum in January 2019. The release of the text proposal is part of the EU’s commitment to transparency and inclusiveness in the development of its trade policy."
..It is a Proposal for future rules.
..Everythign speaks Proposal
..Yet all feel forced that it is Law... searching...

European Banking Authority's opinion on strong customer authentication
21 JUNE 2019, FINANCIAL STABILITY, FINANCIAL SERVICES AND CAPITAL MARKETS UNION
European Banking Authority's opinion on strong customer authentication
The European Banking Authority adopts an opinion on the elements of strong customer authentication under the second payment services directive (PSD2).
..Banking Authority issues Opinion

And here is the opening paragraph..
"The European Banking Authority adopted an opinion on the elements of strong customer authentication under the second payment services directive (PSD2). PSD2 granted the European Banking Authority a number of mandates to develop draft regulatory technical standards (RTS), including the RTS on strong customer authentication and common and secure communication, which the Commission adopted on 27 November 2017 (Commission Delegated Regulation (EU) 2018/389)"
..The Banking Authority "ADOPTED" an "OPINION" on the "ELEMENTS" of strong customer authentication...
..Under the directives of PSD2 whch grant them the "MANDATE" to "DEVELOP DRAFT REGULATORY TECHNICAL STANDARDS"

So they are Mandated/Authorized to draft the Regulatory Technical Standards..
..And now we are here.. in EU having these requirements come down the pipe.
..In short, some of it is like a 2 factor authentication, however, for 99% of ecommerce shoppers and 100% of ecommerce businesses, this is an insane burden.

There will be more clarification..
"The Commission welcomes EBA’s opinion which clarifies how authentication elements comply with the new EU rules on strong customer authentication (SCA). The opinion will assist national competent authorities (NCAs) in preparing their markets, in particular in the cards business, to apply PSD2 and the RTS on strong customer authentication and common and secure communication as of 14 September 2019."

They know this is a big task and difficult to complete..
"The EBA recognized that migrating the whole EU payments ecosystem to SCA is challenging. This is particularly true for those actors that are not subject to PSD2, such as merchants. Some actors may not be fully ready for performing SCA from 14 September."

Ahh and they state that the rules to be applied have been notice since November 2017..
..So why are so many merchants and merchant providers NOT READY?
..And why, in June was it still an OPINION To be Considered?
..If was actually Mandated in 2017 with the rules, then folks would be ready...
"The Commission calls on all market players to step up their efforts in the run-up to 14 September. Rules to be applied from 14 September have been known since the adoption of the RTS in November 2017 and should not represent a surprise for any market player."

Here.. they tell you who will Pay for it!
"It is indispensable that all stakeholders, banks, acquirers, merchants, etc. equip themselves with the relevant IT tools to apply the new requirements on time. It is also indispensable that proper communication and information campaigns be rapidly launched in order to raise awareness among all stakeholders, including bank customers, about the forthcoming changes. "

That is right.. It is indispensable that all:
 - stakeholders
 - banks
 - acquirers
 - merchants
 - etc
equip themselves with the relevant IT tools to apply the new requirements on time

Thus they are telling you to spend an untold amount of time on IT resources to adapt these rules that have been imagine, formed into an opinion, and adopted June 2019 to be LAW of Banks by September 2019.

DETAILS PLEASE
Under PSD2, and as reiterated in the RTS, SCA is defined as an ‘authentication based on the use
of two or more elements categorised as knowledge (something only the user knows), possession
(something only the user possesses) and inherence (something the user is) that are independent,
in that the breach of one does not compromise the reliability of the others, and is designed in
such a way as to protect the confidentiality of the authentication data’.

Again, Authentication based on the use of..
.....2 or more elements, categorized as:
 - Knowledge (something only the user knows)
 - Possession (something only the user possesses)
 - Inherence (something the user is)
..each being Independent
..in the the Breach of One does not compromize the other and is designed to protect confidentiality of the authentication data

Inherence element
....Table 1 — Non-exhaustive list of possible inherence elements
/Element / Compliant with SCA?*/
Fingerprint scanning Yes
Voice recognition Yes
Vein recognition Yes
Hand and face geometry Yes
Retina and iris scanning Yes
Keystroke dynamics Yes
Heart rate or other body movement pattern identifying that the PSU is the PSU (e.g. for wearable devices) Yes
The angle at which the device is held Yes
Information transmitted using a communication protocol, such as EMV® 3-D Secure No (for approaches currently observed in the market)
Memorised swiping path No
..*Compliance with SCA requirements is dependent on the specific approach used in the implementation of the elements.

Possession element

....Table 2 — Non-exhaustive list of possible possession elements
/Element / Compliant with SCA?*/
Possession of a device evidenced by an OTP generated by, or received on, a device (hardware or software token generator, SMS OTP) Yes
Possession of a device evidenced by a signature generated by a device (hardware or software token) Yes
Card or device evidenced through a QR code (or photo TAN) scanned from an external device Yes
App or browser with possession evidenced by device binding — such as through a security chip embedded into a device or private key linking an app to a device, or the registration of the web browser linking a browser to a device Yes
Card evidenced by a card reader Yes
Card with possession evidenced by a dynamic card security code Yes
App installed on the device No
Card with possession evidenced by card details (printed on the card) No (for approaches currently observed in the market)
Card with possession evidenced by a printed element (such as an OTP list) No (for approaches currently observed in the market)
..*Compliance with SCA requirements is dependent on the specific approaches used in the implementation of the elements.

Knowledge elements
....Table 3 — Non-exhaustive list of possible knowledge elements
/Element / Compliant with SCA?*/
Password Yes
PIN Yes
Knowledge-based challenge questions Yes
Passphrase Yes
Memorised swiping path Yes
Email address or user name No
Card details (printed on the card) No
OTP generated by, or received on, a device (hardware or software token generator, SMS OTP) No (for approaches currently observed in the market)
OPINION OF THE EBA ON SCA ELEMENTS
Printed matrix card or OTP list No
..*Compliance with SCA requirements is dependent on the specific approach used in the implementation of the elements.


Other requirements, including dynamic linking and independence
In addition to having (at least) two elements, each from a different category, the RTS include
further requirements for PSPs in the context of SCA. This includes the requirement for any
electronic transaction made remotely (e.g. in the context of e-commerce) to include dynamic
linking as defined under Article 5 of the RTS and required under Article 97(2) of PSD2. This
requirement would not apply to credit transfers performed at automated teller machines, given
that those transactions are not remote. The EBA notes that, at present, the dynamic linking
element is typically produced based on the possession element. The EBA also understands that
not all compliant elements may yet enable dynamic linking and therefore it encourages CAs to
ensure that envisaged (new) SCA approaches can enable dynamic linking.

ECOMMERCE
A number of existing approaches within e-commerce, for card payments in particular,
would NOT be compliant with SCA. This includes approaches in which card details printed in full
on the card are used as stand-alone elements or used in combination with a communication
protocol such as EMV® 3-D Secure or with only one compliant SCA element (such as SMS OTP). In
case some actors are not ready by the application date of the RTS, as pointed out in paragraphs
13 and 14 above, CAs have an important role to play, including by communicating with issuers
and acquirers to identify SCA approaches, migration plans and customer communication plans.
With regard to acquirers, CAs should, in particular, request information on the approaches they
are implementing with all their merchants to support the application of SCA and on the migration
plans (including clear milestones) that they have established to comply with the requirements

A few references:
https://eba.europa.eu/documents/10180/2622242/EBA+Opinion+on+SCA+elements+under+PSD2+.pdf

https://ec.europa.eu/info/sites/info/files/business_economy_euro/banking_and_finance/documents/190621-eba-opinion-strong-customer-authentication-statement_en.pdf

http://trade.ec.europa.eu/doclib/press/index.cfm?id=2016

MLM Software by Inspetta, facing the challenges of changing economies!
For more info on our services, contact Inspetta at 888-221-0106, Sales at 619-770-7107

MLM Software Features

Features of MLM Software may vary, based on the Version or your Budget. That said, if your budget dictates your decisions, you could handicap your business. Common MLM Platform features to consider include Public eCommerce Integration, Product Commissionable Values, Public Content Management, Distributor Corporate Resource or Training Area Management, Reports, Newsletters, Order Management, Autoships, Distributor and Customer Management, Genealogies, Commission Calculations, Payment Gateways and Inventory Management.

Or visit http://Inspetta.com
Or for MLM Software visit http://MLMSoftwareCentral.com
EU believes they are working to break DOWN online barriers

Comments

Only registered users can leave comments.
Comment text:  

What truly set's our MLM Software apart?...
The extensive feature sets, integrated into high-performing and dependable platform, designed to SELL!

Launch in Less than 30 Days!

New Startup or Upgrade Current System

Get Started


Copyright © 2019 MLM Software and Party Plan Central. All rights reserved. | Powered by Inspetta