The Programme Management Office (PMO) for Strong Customer Authentication (SCA) are posing the following question for feedback from retailers, possibly one for the tech wizards in your organisation. Please provide feedback to Andrew.Cregan@brc.org.uk by 21st February 2020.
The Financial Conduct Authority (FCA) have agreed that “behavioural biometrics” should be used alongside One-Time Passcodes (OTP) as the two-factors of authentication for (non-app) online transactions. This decision avoids the unwelcome prospect of online shoppers requiring a static password or their card PIN, in addition to an OTP, which past experience in the UK and abroad has shown to be highly disruptive, whilst creating new opportunities for fraud.
Question for feedback
Are merchant web sites likely to implement restrictions that interfere with such scripts? Possible restrictions could be related to the inclusion of third-party content, CORS restrictions, or similar.
We would like merchant views on whether this concern is well founded and if so what industry guidance to merchants would be appropriate to maximise the successful use of Behavioural Biometric solutions in 3DS browser challenge flows.”