Updated June 2020 - SCA implementation has been delayed until September 14th 2021 in the UK. A move made by the SCA - this move has not been mirrored by the European Commission who state that Merchants have had sufficient time to prepare for SCA; refusing to extend their deadline beyond December 31st 2020
Critical information has been released amending the compliance paramaters of SCA in the wake of the Coronavirus. We would encourage you to take note of the information here as an amendment to the information presented in this blog.
**PSD2 SCA is finally here. **
The directive which seeks to add enhanced strong customer authentication parameters to its protocols, is bracing the commerce markets for the rapidly growing technological age.
Outlined with compliance to prevent fraud and ensure security at the point of sale in electronic and card-not-present transactions; it’s shocking that 75% of merchants were unaware of the legislation - resulting in a phased implementation over the next 18 months.
What is PSD2?
PSD2 has been in place since 2016. Given the ambiguity behind it; the protocol has had to evolve to suit third party providers such as payment service providers, and gaps in the industry that needed to become industry compliant.
This is particularly prevalent in payment flow cases where payment is taken days after authentication i.e. crowdfunding. With SCA, customers might need to reauthenticate; and already need to do so in scenarios where they wish to make a second purchase after 90 days at a merchant’s online shopfront.
The Financial Conduct Authority issued a comment in June 2019 stressing that they would help industries such as these comply with SCA with the new extended deadline.
What is SCA?
SCA - standing for strong customer authentication - aims to acquire two methods of authentication from the customer at the point of transaction.
These two methods of authentication must fall under:
Something the Customer knows i.e. their password or PIN Something the Customer has i.e. Phone or other hardware Something they are i.e. biometric access This will involve transactions taking place via debit and credit card online and via e-commerce.
What are the Exceptions?
Exceptions include contactless payments under £30 and Chip and PIN (which is considered two-factor authenticated) to name a few. Recurring payments and direct debits are also exempt as they are considered merchant-initiated.
As SCA is a customer-end directive, it falls outside of the scope of the European Economic Area it is mandated within. This means its authentication protocols apply even when the merchant is outside of the 31 EEA (European Economic Area) countries.
Security Demands Online:
There is a growing demand for visible security online with abandonment rates at the checkout growing to 69%. SCA continues to open up the financial securities market beyond banks, to third party providers via the open banking initiative.
Consumers are presented with the opportunity to trust technologically able processors with their financial data for better security and convenience.
Merchants and consumers agree on the need for the SCA. Over 60% of merchants and customers alike, see the need for advanced security protocols that do not impact the digital experience. The option to integrate SCA in third party provider services, affords consumers and merchants with this very opportunity.
As 58% of retail sales are estimated to take place electronically via the e-commerce shopfront by 2028, SCA is a detailed primer for the advancements needed in payment security.
To learn more about the negatives and benefits of PSD2 and 3D secure; as well as how to become compliant, check out Total Processing’s in-depth white paper here.
Visa - Preparing for PSD2 SCA (White paper November 2018)
Experian – Global Fraud and Identity Report (2018)
Deutsche Bank – Are you PSD2 ready? (Whitepaper October 2017)
Accenture – PSD2 and Open Banking (Whitepaper 2016)
GI Insights Study: www.mycustomer.com/service/channels/omnichannel-are-companies-closing-the-gap-on-customer-expectations
Typing Biometrics: www.findbiometrics.com/european-banking-authority-approves-typing-biometrics-071801/
PSD2 and E-commerce: www.ctidigital.com/blog/3d-secure-2-0-psd2
E-commerce UK Growth: www. londonlovesbusiness.com/uks-e-commerce-market-to-grow-to-e231bn-by-2021/
3D secure checkout flows: www.docs.adyen.com/checkout/3d-secure/native-3ds2
Surcharge removal: www.econsultancy.com/ecommerce-merchants-prepare-psd2/
Refund capabilities of PSD2: www.finextra.com/newsarticle/34134/psd2s-narrow-focus-limiting-the-potential-of-open-banking---report
Consumer Trust: www.teiss.co.uk/news/uk-businesses-customer-data/
Retail Sales 2028: www.linkedin.com/pulse/online-dominate-retail-sales-2028-jason-west/