Business
Streamlining the path to SCA compliance
Global Banking & Finance Review®
Company
By George Ralchev, Head of Risk at emerchantpay
Payments technology is evolving fast. With contactless payments, digital solutions and alternative payment methods growing in popularity among consumers, the types and quantity of data merchants receive is rising.
This influx of data is both a help and a hindrance. On the positive side, these extra insights enable eCommerce businesses to create bespoke services and offerings – tailored to individual customers – to encourage sales. On the other side of the coin, new pools of data and consumer touch points could mean susceptibility to vulnerabilities, increasing the risk of security breaches and fraud.
To address these challenges, in March 2022, Strong Customer Authentication (SCA) was implemented in the UK as part of PSD2, in an attempt to make payments more secure and to encourage consumer trust.
But the path to compliance is not necessarily a straightforward one. CMSPI estimates that €25bn in revenue was lost in Europe in 2021 as a result of SCA enforcement. In a year set to be defined by tight margins and squeezed spending, merchants need to juggle SCA compliance with the maintenance of a smooth and frictionless customer journey, whilst ensuring conversions are unaffected.
This is naturally a hard balance to strike, and merchants are concerned about the impact this will have on their conversions and revenue. In this article we’ll share insights on how to make SCA work in favour of merchants.
How does SCA work and why is it needed?
Under SCA, customers in the EEA are required to verify their identity with two factor authentication for the majority of online transactions. Card issuers automatically decline non-compliant transactions under the requirement unless exempt, which applies to the European Economic Area (EEA) and the United Kingdom.
The authentication required under SCA includes a combination of two factors. These can either be something the consumer knows, such as a passcode, something the consumer has, such as a mobile banking app, or something the user is, which involves biometrics. These three must be independent from one another; one factor must not compromise the reliability of the others, and all are designed in such a way as to protect the confidentiality of the authentication data.
Simply put, the goal of SCA is to protect consumers from fraudulent transactions, which saw more than £750m lost due to fraud in the first half of 2021 alone. While the regulation aims to support the consumer, the two-factor authentication adds an element of friction and could impact online merchants’ conversions. However, there are some benefits for merchants too, including reduced processing of fraudulent transactions and increased cardholder confidence when using online services.
Payment challenges increase for merchants
Our research found that over one in three payment leaders admitted that changing regulation and ensuring compliance – including with PSD2 and SCA – is a top concern towards optimising payments performance in 2022.
Non-compliance, as well as inefficient payment infrastructures, could be causing merchants to lose revenue. Over nine in ten organisations admit to be losing revenue as a result of shortcomings in their payments system, while one in four want to make improvements to their payment system by mid 2022.
Working with the right payments partner to make SCA compliance easier
It’s clear that merchants need the support of trusted payments providers (PSP). In fact, 79% of payment leaders stated that proactive support from their PSP ahead of upcoming regulatory changes is important to them. Further, more than one third of online retailers acknowledged this as extremely important, highlighting the need to partner with a trusted PSP that can deliver this strategic value to merchants.
An experienced PSP with expertise in PSD2/SCA, can provide timely assistance to merchants, in advance of upcoming changes, developments and improvements. This ensures smooth transition to the new requirements, while providing the optimal payment experience.
To illustrate, with the right PSP, online retailers can design payment experiences that are SCA compliant while sustaining conversion rates. A trusted PSP should work closely with merchants to tailor their payment strategy so it’s PSD2 compliant, meeting their customers’ expectations, and leveraging SCA exemptions when appropriate and suitable. Additionally, it’s crucial for PSPs to understand different audience demographics across geographies, as SCA challenges differ from country to country; this could be achieved, for instance, with SCA authentication on a per country basis. A well-established PSP, with an extended network, could provide the most optimal processing channels in line with PSD2 requirements. Strategic partnerships such as these will return improved conversion and acceptance rates, as well as reduced fraudulent transactions for the merchants.
Despite these possibilities, our research found that 20% of organisations across industries are dissatisfied with their PSP. Further, more than half (56%) of respondents stated that they are likely to change providers; this fact alone proves how critical it is for PSPs to strategically support merchants in an ever-changing eCommerce landscape.
Action is needed now
SCA compliance is far from easy. As the payments and merchant ecosystem continues to adapt to the rules, the new landscape will be difficult for any business to navigate without the support of a strategic payments partner.
The right PSP can offer support across a range of payments and regulatory challenges, helping merchants safeguard their revenue so that payment leaders can spend more time focusing on growing the business and increasing revenue.
For organisations already making the necessary updates, this year offers an opportunity to get ahead of the competition. Those left behind may find themselves struggling to keep up.
Strong Customer Authentication (SCA) is a regulatory requirement that mandates two-factor authentication for online transactions to enhance security and reduce fraud.
Payment service providers (PSPs) are companies that facilitate online transactions by providing payment processing services to merchants and businesses.
Fraud in online payments refers to unauthorized transactions or deceitful actions aimed at obtaining money or sensitive information from individuals or businesses.
Technology in payment systems enhances transaction efficiency, security, and user experience by enabling features like digital wallets, encryption, and real-time processing.
Explore more articles in the Business category
