In the world of payments, there are important changes on the near horizon which have been anticipated for some time, namely the implementation of the second Payment Services Directive. PSD2 is focused on initiatives to make payments safer, increase consumer protection, and foster innovation and competition.

The next tranche of the PSD2 legislation brings with it the introduction of Strong Customer Authentication (SCA). The SCA requirements came into force in September 2019, however the EU Commission and the European Banking Authority subsequently stated that national regulators should not actively enforce the regulation until 31st December 2020 for e-commerce.

In practical terms, in the UK and across Europe, SCA will mean additional security authentications for certain online transactions, a process designed to add an extra layer of fraud protection when cardholders make an electronic payment.

This means that in order for a card issuer to approve the transaction, a cardholder provides two of the following three independent sources of identity verification: something you know (e.g. PIN or password); something you have (e.g. a mobile device); or something you are (e.g. fingerprint or facial recognition).

With online transactions a large part of many businesses’ operations, it’s vital that they make the most of the technology at our disposal to smoothly integrate 3DS and, as a result, minimise the disruption to the checkout process without compromising customer security.

Despite this having already come into law, with a 2020 effective date, many e-commerce merchants are yet to begin taking the necessary steps to ensure they are suitably prepared for SCA. Payment providers, such as card issuers and acquirers, are subject to the new rules, so if merchants don’t act soon, they risk issuers declining the transactions, which could lead to a loss of revenue as well as cardholder dissatisfaction. And, while in the UK, the Financial Conduct Authority has confirmed a revised enforcement date of 14th September 2021, other regulators are requiring the industry to begin ramping up SCA now. It, therefore, is imperative for merchants to take immediate action to be ready for the implementation of the SCA requirements.

Fortunately, there is a global industry standard - EMV® 3-D Secure (3DS) - to give merchants the ability to undertake SCA integration for all major payment providers at once. This is key in helping to make implementation as seamless as possible and, in practice, will mean merchants will require minimal additional time and resources for implementation.

With online transactions a large part of many businesses’ operations, it’s vital that they make the most of the technology at our disposal to smoothly integrate 3DS and, as a result, minimise the disruption to the checkout process without compromising customer security. 3DS technology also offers data insights on the purchasing journey, allowing issuers to make smarter, more sophisticated risk decisions which helps to reduce friction while protecting against fraud. To create a more seamless experience for consumers and merchants alike, ‘whitelisting’ features also allow consumers to select merchants to be marked as ‘trusted’, and thus exempted from the requirements of SCA whilst managing fraud detection and protection.

We know that every purchase is an important one for merchants, and we have designed our technology to support a safe and smooth transaction environment. There are clear actions merchants can take now to have an SCA solution in place before their country compliance date, so they can continue to offer an efficient and secure checkout experience for their customers.

American Express recently launched SafeKey 2.2 - a security solution that leverages the global industry standard. For more information about SafeKey, please visit www.amexsafekey.com. For more information about Express List, the American Express trusted beneficiary tool, please visit www.americanexpress.com/uk/security/safekey.