The SCA deadline is looming. Strong Customer Authentication (SCA) rules, part of the PSD2 regulations, come into force on 14 September.
In as few words as possible: all European consumers will need to confirm their identity for the majority of their online purchases. Specifically, consumers will need to use two authentication protocols. That might be something they know such as a password, possess such as a mobile or something they are. Examples of the latter might be a fingerprint.
The SCA rules put the ultimate decision to authorise a transaction with the issuer. And in the era of constant industry moves to optimise customer centricity, this will impact the customer experience during card not present checkouts.
This was an argument advanced by Visa among others, way back in 2016. Visa argued that mandatory authentication checks would disrupt online shopping without any guarantee of increasing security.
Rather stating the obvious, it was argued that making online shopping harder would mean an increase in cart abandonment.
The European Banking Authority was not convinced and the SCA rules are the result.
How well do you really know your competitors?
Access the most comprehensive Company Profiles on the market, powered by GlobalData. Save hours of research. Gain competitive edge.
Thank you!
Your download email will arrive shortly
Not ready to buy yet? Download a free sample
We are confident about the unique quality of our Company Profiles. However, we want you to make the most beneficial decision for your business, so we offer a free sample that you can download by submitting the below form
By GlobalDataThere are SCA exemptions for those that can keep fraud levels under specified fraud rates. This will allow payments under certain thresholds to be exempted when transaction risk analysis has been applied.
The paper, entitled Regulatory Technical Standards enabling consumers to benefit from safer and more innovative electronic payments, was released in November 2017.
Scrambling to meet the SCA deadline
More than 18 months on, there is now some scrambling about within the industry to meet the September SCA deadline.
With impeccable timing, a report released by the Emerging Payments Association suggests that the UK is not ready.
The report is entitled Issuer Declines: The impact of SCA on payments users.
It finds that 75% of issuers will be ready from a compliance standpoint but they will not be operationally ready.
The report also highlights that issuers will likely not be able to support the full range of exemptions and 3DS v2.2 until late 2019 at the earliest.
The report is well worth a read. It details the impact of SCA strategies on the experience of payments users. It also explores what this means for merchants with the compliance deadline now only a few weeks away. And it examines how UK card issuers intend to implement SCA and which methods they will be using. Finally, it looks at the likely impact on both merchants and cardholders.
SCA deadline and customer experience
Many of the findings in the survey mirror the arguments, made unsuccessfully back in 2015 and 2016. Businesses remain concerned about the effect on the customer experience. In particular, the report notes that 74% of issuers expect SCA to lead initially to a decline in user experience and 58% say that too much friction is being applied.
It also predicts that between 30% and 50% of eCommerce transactions will in future face a step-up authentication request. This is up from the current 2% level. It says that issuers expect in the short term to decline 25%-30% of transactions unless a managed roadmap is agreed.
The report also looks at chargeback disputes, growth rates, trends and the impact of new scheme dispute management programmes.
SCA: EPA recommendations
It recommends that 3DS technology be implemented as a priority. In addition, merchants should engage in greater dialogue with their acquirers and gateways to more effectively tackle fraud. Furthermore, the paper calls for merchants to play an active role in communicating with customers – thereby helping minimising disruption.
All perfectly sensible and advice that was being advanced back in 2016 and 2017. Nor have a number of leading vendors offering effective and innovative SCA solutions exactly been silent.
Regrettably, with echoes of the launch of open banking, consumer awareness is dismal. On a straw poll of office colleagues, friends and family, very few acquaintances knew much about SCA.
A recent study conducted by 451 Research noted that 73% of shoppers are unaware of the new SCA authentication requirements. Frankly, it came as a surprise that as many as 27% were aware.
The survey conducted by 451 Research was commissioned by payments infrastructure company Stripe. Inter alia, it forecasts that Europe may lose €57bn in economic activity in the first year after SCA takes effect.
One can safely forecast that attempts are being made to extend the 14 September deadline. It might make sense if the regulators accepted at this stage that the deadline is not, realistically, going to be met.
Extend the deadline into the New Year but at the same time suggest that failure to meet the new deadline will have consequences.