PSD2 has meant a number of changes for the payments industry, but one specific area is what’s known as Strong Customer Authentication (or SCA for short).
SCA is a new regulatory requirement to reduce fraud and make online card payments more secure, by having more “authentication” built into the checkout flow.
The requirement is to have payments authenticated as genuine using at least two of the following three data points:
- Something the customer knows (e.g., their password or PIN)
- Something the customer has (e.g., the phone or hardware token they are using)
- Something the customer is (e.g., their fingerprint or face recognition)
The regulatory requirement is to have these new processes in place for 14 September 2019, and from this date banks will decline payments that require SCA but don’t meet these criteria.
So which transactions require SCA, and how will it benefit your business?
SCA applies to “customer-initiated” online payments within Europe, that is, any payment made by customers online. So most card payments will require SCA, although there are some exemptions.
Today, the most common way of authenticating an online card payment relies on 3D Secure (3DS) – the authentication standard developed by Visa and Mastercard and supported by the vast majority of European cards. This typically adds an extra step after the checkout where the cardholder is prompted to provide additional information to complete a payment (e.g. a one-time code sent to their phone or letters from their password to log in to their online banking).
To meet the requirements of SCA, the major payment schemes are rolling out 3D Secure 2.0 during the course of this year. Whilst the original version of 3DS was fairly clunky, this new version introduces a better user experience that will help to minimise the friction that authentication adds into the checkout flow.
Visa reports that merchants using 3DS 2.0 will experience a 70% decrease in cart abandonment, and an 85% reduction in transaction time.
3DS 2.0 also gives merchants another anti-fraud tool as it’s designed to better authenticate valid transactions and deny fraudulent transactions. Additionally, it shifts the liability for fraudulent transactions from the merchant to the issuing bank.
Of course, as well as Visa and Mastercard’s 3DS solutions, there are other payment methods, such as Apple Pay or Google Pay (which Judopay facilitates), that already meet the new SCA requirements in a smooth and frictionless way.