Nearly all consumers who have been the victim of fraud were not aware of it until it was too late.
Card details can be easily compromised. Hasn’t we all willingly given our card numbers over the phone to order a takeaway or entered them into an unknown site for the first time?
In the back of our mind, we all worry that someone could use this information and steal from us and unfortunately it happens all too often.
A rapid rise in online fraud together with a demand for better online security from consumers and retailers alike has finally led to the introduction of strong customer authentication.
What Is Strong Customer Authentication?
Strong Customer Authentication (or SCA as it is known) is the process of ensuring that the person making a purchase online is, in fact, the cardholder. While there are many online payment risks there are ways to decrease your chances of being a victim.
Before a transaction is approved the customer must prove they are the cardholder by the use of two or more elements which are categorised as:
- Knowledge – Something only the user knows (password)
- Possession – Something only in the possession of the user (mobile phone)
- Inheritance – Something inherently unique to the user (fingerprint/biometric ID)
All 3 are independent of one another and so a breach of one does not compromise the reliability of the other.
Knowledge
A pop-up message from your customers issuing bank asks your customer to submit a password, PIN, or secret answer known only to them in order to complete the purchase.
Possession
The issuing bank will send a unique password to your customer’s phone that they must enter in order for the purchase to go through. It could also be a smartwatch, token, or smartcard.
Inheritance
Inheritance is something unique to each person. It could be their fingerprints, voice recognition, facial recognition, or DNA signature that confirms the payment to the bank.
With SCA, only when at least two of the above are used can the payment go through. This leads to a number of much-needed benefits.
Benefits of Strong Customer Authentication
SCA provides a wealth of benefits for both the customer and the eCommerce business.
These benefits include:
- Less online fraud
- Fewer chargebacks
- Less abandoned carts
- Increased consumer confidence
Less online fraud
The implementation of SCA will reduce online fraud substantially as cybercriminals will not be able to provide the necessary elements of authentication for the payment to go through.
Card-not-present fraud accounted for 66% of all online fraud in 2013 according to Europol and in 2016 the ECB calculated that online fraud cost EU consumers €1.8 billion.
Fewer Chargebacks
Chargeback fraud is notorious for being instigated by criminals rather than genuine consumers.
Criminals will not have access to authentication elements and so the purchase will be declined thus reducing the number of chargebacks on businesses.
Less Abandoned Carts
Abandoned carts are often the result of fear. By improving online security measures using SCA we can alleviate any potential worries a customer has.
With SCA each purchase is unique and each requires an additional form of authentication meaning that even if a criminal were to obtain card details they could not make a purchase.
Increased Consumer Confidence
Once SCA is legally required by all e-commerce sites (by September 2021) we can expect a massive rise in consumer confidence.
Once a consumer is confident that purchases can only occur on their card once authentication is given this should encourage them to purchase more online.
What is PSD2?
PSD2 is the second EU Payments Service Directive. It is legislation set out to improve online security, increase consumer rights and create a level playing field by making sure that every e-commerce site provides a secure payment solution to its users.
The main focus of PSD2 will be SCA and its implementation across all e-commerce sites throughout the EU.
It is expected that the UK will follow PSD2 guidelines regardless of Brexit.
When does SCA come into force?
Following the recent COVID-19 outbreak the deadline for implementation of SCA has been extended to the 14th of September 2021.
By this date, all e-commerce sites must adhere to good SCA practice or face penalties.
Are There Any Exceptions?
There are some exceptions to the SCA rule.
These include but are not limited to:
- Direct Debit Mandates
- Subscriptions
- Certain small transactions
Direct Debits
Direct Debit Mandates do not require SCA authentication.
Subscriptions
Subscriptions to a site will only require SCA on the first transaction assuming the payment amount does not change over time.
Small Transactions
Transactions below €30 will also be exempt unless there are more than 5 transactions or that the total sum of these small transactions rises above €100. (This includes transactions to multiple companies)
Conclusions
New EU regulations will improve online security for online payments and in turn reduce online fraud. This peace of mind for both consumers and online retailers is expected to increase sales.
EU Legislation known as PSD2 contains strong customer authentication (SCA) procedures requiring the customer to confirm their online purchase before the payment is authorised.
After inputting their card details, consumers will be prompted to confirm their payment either through a password, PIN, message to their phone, or biometric authentication.
Online businesses have until the 14th of September 2021 to implement these new regulations or face stiff penalties.