Age Verification
This website contains age-restricted material including nudity and explicit content. By entering, you confirm being at least 18 years old or the age of majority in the jurisdiction you are accessing the website from.
I am 18+ or older - Enter
I am under 18 - Exit
Our parental controls page explains how you can easily block access to this site.

Strong Customer Authentication: what it is and how it works

  Forum / Alles über iStripper

Rex
TEAM
Mitglied seit in Sep 2007

365 Beiträge
30. March 2021 (edited)
Strong Customer Authentication (SCA) aims to make online payments more secure for users and reduce fraud. It is part of the Payment Service Directive (PSD2) as enforced by the Financial Conduct Authority.

Services that take payments from the EU, Norway, Iceland and Liechtenstein (otherwise known as the European Economic Area, EEA), had to meet SCA regulation by 31 December 2020. In late 2019 the European Banking Authority (EBA) announced a delay to the enforcement of Strong Customer Authentication (SCA) for online card transactions as required by PSD2 regulation.

By March 14 2020 VISA has been mandating that all issuers enable their 3DS2.1 solution in Europe, meaning that issuers will be in the position to request Strong Customer Authentication for all card-not-present payments. We are fully expecting the volume of card declines for non-3DS2 authenticated payments to increase significantly from that date, especially for merchants that issuers consider to be high risk, which is why VISA is strongly encouraging all merchants to adopt 3DS2 by this date.

Totem relies solely on third parties to bill their customers. For your safety, we don't store or process our customer credit cards, but rely on VISA / Mastercard certified third parties to do it. Each of them is rolling out the new SCA regulations at their own pace, so depending on the payment processor you use, you might or might not be asked for 3DS2 today or in the near future.
cdub87
Mitglied seit in Apr 2008

397 Beiträge
30. March 2021
Great information. I think this would be great to be sticked and open up a Q&A in the regular section.
Darkness97
Mitglied seit in Nov 2019

66 Beiträge
31. March 2021 (edited)
Will this effect those of us using Paypal/Epoch?

What about those in the states?

If SCA is still used, what will show up if you use Paypal/Epoch?
Jackalnxt
Mitglied seit in Mar 2017

23 Beiträge
31. March 2021
Is this that thing where you need to input a static password and a dynamic password before completing the payment? We've had that for utility bills for quite a while now.
Stanston
Mitglied seit in Aug 2018

1012 Beiträge
31. March 2021 (edited)
@Jackalnxt
where you need to input a static password and a dynamic password before completing the payment?
There are several ways for Online Payment Solutions like for example

Two-Factor Authentication > https://authy.com/what-is-2fa/

or Dynamic Passwords - Enforcing Authentication

https://blog.bio-key.com/dynamic-password-enforcing-authentication-otp

https://www.unicreditbulbank.bg/en/individual-clients/bank-cards/additional-card-services/dynamic-password-online-payments/

But at the end this is all Content from the PSD2 Regulation.

I know for myself that the Content behind the Links is a lot of Stuff to read about it,
and if the PSD2 Regulation is really more secure, i don't know.

But i know one thing for sure, that Online Payment Methods are getting now more "slightly" complicated.
What brings more Security between the Companies and the Customers, can be a ***** in the Butt
for the one or the other single Individual.

I would like to give you an example. I'm Buying my Credits on iStripper via SofortBanking,
and it was always the case before as well.

My Bank provided myself the TAN's for this via Paper list in the beginning, then later via SMS
and now they are ***** me to use an App for my Smartphone to fetch my TAN's.

I have no longer the ability to receive my TAN's via the regular SMS this is now over,
at least on my current Bank.

The Reason for this is, that the App is transferring the TAN Encrypted inside the App.
It is indeed more secure but it is more or less a little bit more complicated.
Because now i need a second separated Password for the App on my Smartphone,
beside my separate Password for my Bank Account.

The Funny thing is, my Bank is still providing the TAN's via Paper list, so if i want them
i have to get them inside my Bank from an Employee there,
including an Autograph and Liability for it, but understandable of course.

If i would chose these List method again they will delete all my Account Data from the App
(which is Understandable), and if i would go back to the App again,
i have to make the whole Registration procedure for the App again inside my Bank
with an Employee again ... At least this is what they were telling me.

So ya, it makes things more secure, but also slightly more complicated. But like i was saying
this is all Content from the PSD2 Regulation from the EU.
So you should at least follow the Wikipedia Link which i provided earlier.

And just in case someone is missleading something, Totem has nothing to do with it.
But they have to follow these Regulations,
like every other Company which is providing an Online Payment Service.
Stanston
Mitglied seit in Aug 2018

1012 Beiträge
31. March 2021
Hier noch etwas für die Nutzer aus Deutschland welche sich noch nicht eingehender
mit der Thematik beschäftigt haben, kann ja durchaus sein :)

Heise Online sollte den meisten bekannt sein, und es gab in der Vergangenheit diverse Artikel
in der CT Zeitschrift, and ebenso auf deren Youtube Kanal.

https://www.youtube.com/channel/UCAszOEwa5CS4WFwYpkjdaUQ/search?query=psd2

Das erste Video dazu wurde bereits 2018 veröffentlicht,

https://www.youtube.com/watch?v=UF4KnynXbW0

hoffe es Hilft jemanden eine wenig Licht ins Dunel zu bringen.
Jackalnxt
Mitglied seit in Mar 2017

23 Beiträge
1. April 2021
@Stanston

Yeah, that's what I figured. It is indeed a bit of a ***** at first, but I won't oppose steps to prevent fraud.

I just hope the payment method is straightforward, and not like my Water Utility bills where I have to navigate menus for half an hour in order to pay a 1,50 Euro water bill.
Stanston
Mitglied seit in Aug 2018

1012 Beiträge
1. April 2021
but I won't oppose steps to prevent fraud.
I think this is always a smart move @Jackalnxt but i still don't get over it,
that my Bank is telling me that the TAN Paper List is totally insecure now,
but it is still accessable to me, if i want them LOL!

But i guess i don't have to Understand everything and i also could imagine that this method
is at some point not available any more like that TAN transfer method via SMS.
I just hope the payment method is straightforward
As far as i can tell, the current method with my Banking App is working pretty good.
The only thing which i have to do is to open up and Login to it, before i'm starting
the Transaction process in my Webbrowser to Buy Credits for iStripper.

And in my Opinion which is pretty convenient, i'm seeing the Transaction
almost immediately after the Transaction on my Bank Accout.

That's how it's done 👍

So the transitional phase for the Deadline for PSD2 is now over,
now it's to the Companys/Payment Providers how they can handle with the new Situation.

Possible Complications not excluded ... yet.
sightseeing
Mitglied seit in Sep 2018

8 Beiträge
2. April 2021
more safety often comes along with reduced comfort. it will take some time to get used to new payment procedures. i already activated 3d secure but was never asked for it so far. i can see that epoch offers EPS payment - probably i will make use of that option more in future.
cdub87
Mitglied seit in Apr 2008

397 Beiträge
8. April 2021
Will this have any effect on US payments? I know my Bank already flags my over seas transactions for review. It was bad at the beginning. Total account lockdown with me having to call the bank to review and make sure everything was legit.
HansSachs
Mitglied seit in Mar 2016

987 Beiträge
8. April 2021 (edited)
Will this have any effect on US payments?
I think it eventually will take a benefit to all: if there is a strong autentication on, and so there can not be any doubts about the person who made a transaction, there will therefore be no need anymore for a bank to flag a transaction as suspicious and/or block it.
During the process of implementation and stabilization of such a new tecnology, though, there could temporarily be even more issues for the customers...
goodwolf
Mitglied seit in May 2011

268 Beiträge
8. April 2021
until hackers target your phone and stealing the codes without you knowing that some apps do that already in background :(
Stanston
Mitglied seit in Aug 2018

1012 Beiträge
8. April 2021
@goodwolf
until hackers target your phone and stealing the codes without you knowing
that some apps do that already in background :(
That is indeed the other Downside of this method for sure,
but 100% Security is in Fact an Placebo as well in our connected World.

Except you are disconnecting all your Devices from the Network 😜

But in my case i'm only using this Banking App as my only Third Party App.
Everything else on my Phone is Vanilla, because even it's a Smarthphone
where you can Surf, Whatts App, and Photos and all that Fun Stuff.
I'm just using it for only one purpose ... Phoning :)

But at the end, the biggest Security Issue for an connected internet capable Device,
is still the Enduser itself 😎
Darkness97
Mitglied seit in Nov 2019

66 Beiträge
9. April 2021
What about Paypal Cash Cards, where you can store money on them to make a purchase later? Is it possible to still use this method or will bank still send notification I wonder? Or is this even possible to use with iStripper anyway? Someone on here I thought, brought the idea up to me at one point.

Issue I have, is with having a bank account that is shared with others. I worry that even if I tie it to my phone, and flag it as okay, the others on that account my recieve a notification or request of the transaction. :\
Stanston
Mitglied seit in Aug 2018

1012 Beiträge
9. April 2021 (edited)
@Darkness97
What about Paypal Cash Cards, where you can store money on them to make a purchase later?
Paypal has it's own Terms and Conditions because they are only another Third Party Payment Provider.
So i think the Team here can't Answer these Questions, but follow this Link

https://www.paypal.com/us/webapps/mpp/home

and scroll all the way to the bottom, there are some useful Links for you.

As far as i can tell, if you Purchase a Paypal Cash Cards, your Transaction should be recorded
on your Paypal Account, so usually it "should be" no Problem.

But like i was saying, make Contact with the Customer Support from Paypal to bring clarification for yourself.
Issue I have, is with having a bank account that is shared with others.
I worry that even if I tie it to my phone, and flag it as okay,
the others on that account my recieve a notification or request of the transaction. :\
This is also something which you have to clarify with your Bank as well.

I have an Idea for you, make yourself some Coffee, because the Video has almost an hour Runtime,
but maybe it helps you. > https://www.youtube.com/watch?v=vvVF72Mbjnk
stefnev1
MODERATOR
Mitglied seit in Jul 2008

4587 Beiträge
11. April 2021
Just for your information :
I've bought some credits with the software, using Netbilling as the payment processor and my Visa card. I just had to authentify myself with my bank's app on my smartphone to validate the transaction. Easy and safe method.
CasinoGuy
Mitglied seit in Nov 2010

18 Beiträge
11. April 2021
Thanks for the information Rex!
goodwolf
Mitglied seit in May 2011

268 Beiträge
15. April 2021
EPOCH is unprepared for the job, not even asking the codes just rejecting straight.
NETBilling worked.

Noch keine Teilnahmeberechtigung

Als ein Gratisnutzer von iStripper bist du nicht berechtigt Beiträge zu schreiben oder neue Topics zu starten.
Aber du hast Zugriff auf die grundlegenden Bereiche und kannst unsere Community kennen lernen