Payment Services Directive (PSD2)

Aria provides seamless integration with your payment gateways, simplifying and automating collections. As part of your comprehensive PSD2-compliant solution, Aria intends to provide the following:

1. SCA-compliant implementation of 3D Secure 2.0 (in addition to our existing implementations of 3D Secure 1.0)
2. 3D Secure support extended across applicable payment gateways
3. Hosted Payment Pages will be updated to support enhanced 3D Secure, where applicable

Each payment gateway and/or processor is different so it is possible that no changes will be required on your side to comply. However, some gateways and/or processors may require some additional data capture from the end user's device to send in subsequent transactions. Aria will provide information as we roll out related platform updates.

While physical cards are already SCA compliant, the ever-increasing prominence of online payments require alternative methods of payment method verification not reliant on the physical presence of cards. Multi-factor authentication and 3D Secure are two PSD2-compliant approaches to SCA.

• Multi-factor authentication confirms users' identities by validating information from at least two of the following categories:

1. Knowledge: Something they know (e.g. user id/password)
2. Possession: Something they have (e.g. card security code (CSC/CVD/CVV/CVC), security token, one-time code via SMS/e-mail)
3. Inherence: Something they are (e.g. touch id)

• 3D Secure is an open standard used by major credit card brands to authenticate card transactions to prevent fraudulent payments. 3D Secure is one of the primary ways for Payment Services Providers to comply with the SCA mandate. Many of Aria's integrations with Payment Gateways and Processors support 3D Secure 1.0, and Aria is currently enhancing these integrations to support 3D Secure 2.0.

3D Secure 2.0:

• reduces false declines, which can lead to customers' abandoning transactions, with simplified authentication flow;
• eliminates the pop-up screen from 1.0 implementation, simplifying customers' payment experience, and removing the resemblance—to suspicious or cautious users—of a phishing attempt;
• exempts lower-value transactions from validation to accommodate lower risk levels, depending on a merchant’s fraud threshold;
• supports not only payment card transactions, but also transactions originating from mobile and digital wallets;
• supports desktop web transactions, and streamlines mobile device transactions; and
• captures up to 150 data points so card issuers can better judge transaction validity, protecting from both fraudulent transactions and errant fraud declines.