Jump to content
Gyakutsuki

Authentication for your online purchases will be strengthened and it will plummet e-commerce sites

Recommended Posts

On 14 September 2019, a major regulatory change will come into force and will force e-commerce players to tighten their controls over consumer purchases. From this date, they will indeed have to guarantee a strong authentication for payments, the simple validation of a purchase thanks to a code received by SMS not enough any more. In detail, merchant sites must ensure that you are at the origin of a payment using at least two of the following three elements: information that you are alone to know, as a word of pass or secret code, the use of a device that belongs to you, such as mobile phone, and a personal feature, such as facial or voice recognition or fingerprint.

In relation with the DSP2 !
 



Regards
-----------------------------------------
Loïc

Contact me by skype for business
Contact me @gyakutsuki for an answer on the forum

 

Share this post


Link to post
Share on other sites

Every time I clear the cache on my PC, I can't access my online banking without jumping thru hoops to prove it's me.  Entering the correct username and password is not enough, because since I cleared the cache...their software no longer recognizes the device I'm using and I have to request a text message with a code to enter before I can view my account again.  It's a PITA. 

Does this forthcoming change apply only to those with merchant accounts? 

Share this post


Link to post
Share on other sites

Clearly, the customer must first enter a password / personal information to authenticate from the bank's payment site and then use his mobile phone to receive a confirmation code and always enter it on the payment site as currently with 3D Secure.

It remains to be seen if the password / personal information can be entered when registering on Osc then be sent automatically to the bank site (as well as the information on the transaction) to avoid this step.


Osc v2.3.4 BS "custom"

Share this post


Link to post
Share on other sites

Already my web hosting company is making me use Google Authenticator for 2FA authentication. Perhaps, osC will consider also include GA in the login form?

Share this post


Link to post
Share on other sites

This only relates to payments as far as I am aware. Hopefully some of the payment modules here will be updated before then, but as its been asked many times before, I doubt they will. I wait to be proven wrong. I know Gary has tried to contact HPDL about this. I have been receiving emails from one of my payment providers for a while now about this. I think any payment processors like PayPal who deal with payments on their own site will have already made changes. Those like Stripe that use a payment form on the store will need to be changed.

Most other ecommerce packages have the changes ready to implement. I tried to find someone to update the Stripe payment module, and no one was interest on here or even on a freelancer site.


REMEMBER BACKUP, BACKUP AND BACKUP

Get the latest Responsive osCommerce CE (community edition) here

It's very easy to over complicate what are simple things in life

Share this post


Link to post
Share on other sites
6 minutes ago, 14steve14 said:

I have been receiving emails from one of my payment providers for a while now about this

I would be thinking the PSP (Payment Service Provider) will accomodate these changes. Our PSP offers lots of different Payment gateways (kind of every Payment you can think off - from AMEX to Apple Pay)  and the payment is allways processed on their site. We hook in their software (API) and they process the payment. We only render an order number and amount (checkout_confirmation.php) and then the customer is redirected to the PSP through checkout_process.php - If succesfull payment is done then the customer gets redirected to our site to checkout_succes.php

In the past we also have been doing the payment processing ourselves - but allready 5 years back we concluded it is much safer and even cheaper to make use of a good PSP.

This is a piece of Blog post of our PSP

Quote

Finally, the new regulations aim to improve the security of payments as well. While you as a business owner will not notice many payment-related changes in practice, your customers certainly will. In some cases, your customers will have to complete two-step verification. This means that the payment can only be finalized after confirmation by means of a code that is linked to the customer’s mobile number. Credit card issuer ICS already uses this process, for instance.

I hope this helps - Regards!

Share this post


Link to post
Share on other sites

@14steve14 We were in a similar boat but now signed up to SagePay as a payment provider (they take care of SCA) and to Barclaycard for a merchant account (variable charges but about 1.4% max).

Share this post


Link to post
Share on other sites
46 minutes ago, Heatherbell said:

@14steve14 We were in a similar boat but now signed up to SagePay as a payment provider (they take care of SCA) and to Barclaycard for a merchant account (variable charges but about 1.4% max).

May have to look at something else and may even move away from oscommerce. It will be a shame, but may be a necessity. We currently are a small online shop and paying for merchant accounts and monthly costs would probably mean a price hike. I do use PayPal and may have to turn off Stripe until something is sorted.


REMEMBER BACKUP, BACKUP AND BACKUP

Get the latest Responsive osCommerce CE (community edition) here

It's very easy to over complicate what are simple things in life

Share this post


Link to post
Share on other sites
5 minutes ago, 14steve14 said:

paying for merchant accounts and monthly costs

A good PSP probably offers better rates than you can get as a small shop. I have never seen monthly rates for a PSP.

Share this post


Link to post
Share on other sites
14 hours ago, 14steve14 said:

May have to look at something else and may even move away from oscommerce. It will be a shame, but may be a necessity. We currently are a small online shop and paying for merchant accounts and monthly costs would probably mean a price hike. I do use PayPal and may have to turn off Stripe until something is sorted

I have exactly the same situation. Stripe at 1.4% flat rate, with no other overheads, is a good deal for me compared to PayPal at 3.4%.  Merchant accounts, which I used to have , with a monthly standing charge north of £20 are not suitable,


OsC 2.3.4.1 CE Frozen   PHP 7.2   MySQL 10.1.36-MariaDB-cll-lve. Phoenix in development

Is your version of osC up to date? You'll find the latest osC community version (CE Phoenix 1.0.2.0) here.

Share this post


Link to post
Share on other sites

Create an account or sign in to comment

You need to be a member in order to leave a comment

Create an account

Sign up for a new account in our community. It's easy!

Register a new account

Sign in

Already have an account? Sign in here.

Sign In Now

×