In September, the European Union is implementing new requirements for authenticating online payments. The measures will have significant implications for consumers and those involved with e-commerce.
SCA: What is it & What does it mean?
The Payments Services Directive (PSD 2) was passed in November 2015. As of the 14th of September, all companies within the EU must comply with the directive. One aspect of the directive implicates Strong Customer Authentication (SCA). The objective of SCA is to minimise the risk of fraudulent transactions and generally, make online payments more secure. This measure will change the way online payments are transacted for over 300 million European consumers.
As the deadline looms, internet based enterprises need to prepare to meet their obligations. The rules surrounding SCA effectively mean that European consumers will be required to use two factor authentication (2FA). Essentially, a second factor such as a password or fingerprint will be required before the transaction is completed. If e-commerce businesses don’t implement these changes, banks will automatically decline payments that don’t meet the SCA criteria.
There are some exemptions from the measures. Recurring direct debits – considered to be initiated by the merchant – are not impacted by the regulation. Equally contactless payments and in-person card payments are exempt. If a customer buys from a merchant regularly, it may be that 2FA is needed initially. However, on subsequent occasions, the customer is white-listed and doesn’t need to repeat the process.
“If e-commerce businesses don’t implement these changes,
banks will automatically decline payments that don’t meet the SCA criteria.”
There are 6,000 banks in Europe and so with each of them potentially reaching its own conclusion in the interpretation of the SCA rules, the outcome for consumers and merchants may not be consistent. It may result in the consumer being required to provide secondary authentication using voice, facial recognition, PIN number, fingerprint and other biometric authentication means. The requirement is for the customer to provide authentication in the spirit of ‘something I am, something I have or something I know’.
To deal with this impending digital payments regulatory implementation, the payments industry will need to build the right products to cope with SCA. Payments company, Stripe has been active in this regard. In what appears to be a move specifically with these regulations in mind, the company acquired Dublin-based Touchtech Payments earlier this month. Touchtech provides SCA technology to fintech companies such as N26 and Transferwise.
Last week, the company launched Stripe Billing – a product which seems to be geared towards the new regulation. Stripe claim that it will make SCA compliance easier when it comes to online subscriptions. The press release states that the product will “help companies automatically identify precisely which charges require SCA and send customisable emails to subscribers when additional authentication is needed, reducing customer attrition and revenue loss”.
Furthermore, it will be necessary for these payments service providers collaborate with banks in an effort to try to provide for a smooth transition, given that the banks are the ones who will interpret SCA rules in the main.
Education of online merchants as to the regulations that are being applied is going to be paramount. Only 25% of online merchants are currently aware of the SCA and their obligations relative to the SCA. This lack of awareness is particularly acute when it comes to the smaller ecommerce businesses.
On Tuesday, Ecommerce Europe – a pan-European representative body for the digital commerce sector in the region – published a guidance document in an effort to help merchants prepare for the application of the SCA. Such measures will go some way towards bridging the knowledge gap pertinent to the regulation.
According to the Global Unified Commerce Forecast from 451 Research, digital sales will have a compound annual growth rate of 17% in Europe over the next few years. This will reach an overall sales point of $1 trillion by 2022. This regulation may prove to be a bump in the road in terms of that upward trend. It will be necessary for industry stakeholders to adapt to the requirement and ensure that the customer journey and experience is maintained positively.