Preparing for SCA: Here’s What Merchants Need to Know
For the past year, we’ve heard the terms PDS2, SCA and 3D Secure scattered throughout conversations on European payments – and for good reason.
In 2019, the European Banking Authority announced a delay to the enforcement of Secure Customer Authentication (SCA) for online card transactions as required by the European Payment Services Directive 2 (PSD2) regulation, pushing the date for it to be fully mandated to 31st December 2020, 15 months after the original implementation date – and now just around the corner.
Since the delay was announced last year, however, countries across the EU have implemented their own timelines to ensure that when the regulations finally go into effect, they are prepared – whether pushing for a further delay or rolling out SCA-style requirements early.
While a welcome respite, the delay didn’t totally address the confusion. Before September 2019 it was unclear whether issuers would enforce SCA readiness and it’s still unclear now. But the delay did create a well-defined timeline for the payment ecosystem, and there is a greater level of readiness this time around. With the right preparation, merchants can adapt and avoid the forewarned pitfalls of frustrating their customers, cart abandonment, and a drop-in authorisation and conversion rates.
Some More Background
Thanks to the extension, merchants now have a high-level understanding of the need for implementing Strong Customer Authentication as required by PSD2. Overall, it will make online payments more secure and reduce fraud by enabling merchants, acquirers, and issuers to clearly identify their shoppers in real-time and make sure that their payments are authorised.
3D Secure 2 (3DS 2) is the most updated version of the 3D Secure protocol – the authentication standard supported by most card schemes in the world. 3DS 2 offers merchants benefits beyond fraud prevention, such as helping increase conversions and ensuring compliance with PSD2.
Once SCA is fully implemented, merchants will require consumers to be authenticated with at least two of the following types of information:
- something they know (e.g., a password, PIN or a secret fact)
- something they own (e.g., their mobile phone, a wearable device or a token)
- something they are (e.g., their fingerprint, facial features or voice patterns)
This time around, card schemes have taken a more supportive approach, advising partners on how to best implement SCA measures and doing their part to offer incentives to motivate merchants into implementing it.
So, what’s 3D Secure (3DS) got to do with this?
3D Secure 2 (3DS 2) is the most updated version of the 3D Secure protocol – the authentication standard supported by most card schemes in the world. 3DS 2 offers merchants benefits beyond fraud prevention, such as helping increase conversions and ensuring compliance with PSD2. The new protocol better supports mobile payments and employs new authentication methods, such as biometrics, supported by today’s smartphones, tablets and computers used by online shoppers.
How can merchants prepare?
When it comes to SCA compliance, one size does not fit all. Merchants must weigh a range of factors when building their SCA policy – including where they operate, who and where their customers are, and their specific business models. While merchants may understand the broader need for SCA, navigating this complex array of factors and crafting SCA policies aligned with their businesses’ unique needs requires working with the right partners. Card schemes and agile FinTechs can help merchants ensure full compliance with all PSD2 regulations before the December 2020 deadline.
For instance, we at Credorax developed a 3DS 2.0 offering that provides merchants trading in the European Economic Area with solutions for covering the three SCA verification requirements. Also available is our Smart 3DS Adviser, which advises merchants how to implement SCA on a transaction level – including when to apply 3DS 1.0 or 2.0 – in order to avoid conversion drops. Through an in-house 3DS 2.0-specific offering, merchants can improve the customer experience through a unified, optimised solution which is flexible, omnichannel ready, and functions on single integration.
To offer the best checkout experience to customers, merchants should also consider adding alternative payment methods such as Apple Pay and Google Pay. These additional payment methods qualify as SCA-compliant solutions and are gaining traction with consumers in the EU and around the world.
Although all of this might seem like a big hassle now and certainly has caused many merchants to rethink their compliance with these regulations, in time, both merchants and customers will enjoy the benefits from SCA. Online transactions will be more secure with decreased potential for online fraud and chargebacks for merchants, and peace of mind for customers with a secure and seamless checkout experience.