SCA Richtlinie

E-Commerce: Strong Customer Authentication (SCA) deadline postponed

While it is already being applied by some companies, most are still in preparation: Strong Customer Authentication (SCA), as part of the EU Payments Directive PSD2, was initially bound to come into force in September this year. Now the deadline concerning online payments has been extended to the end of 2020. We explain the security measure and tell you what dealers should attend to during its implementation.

As part of the new Payment Services Directive (PSD2), strong customer authentication is literally rocking the boat of European online trade. After all, the processing of online payments is changing radically: dealers are increasingly obliged to secure their payment processes for online purchases using two-factor authentication. Credit card payments are particularly affected.

Guideline for more data security

The new directive was decided upon by the European Union in order to increase security and transparency in online payment transactions and to prevent fraud. The latter is occuring more frequently as global e-commerce is gaining more importance year after year. According to global security provider Lexis Nexis, losses ultimately caused by e-commerce fraud have tripled in the last five years. In Germany alone, losses amounting to 1.3 billion euros have been incurred. The SCA directive is intended to put a stop to criminals.

SCA: Europe-wide deadline postponed until the end of 2020

The introduction of the SCA Directive had initially been planned for mid-September 2019. Due to inaccurate information which resulted in a sluggish implementation and insufficiently informed consumers, interest groups have recently obtained a Europe-wide extension of the deadline for online credit card payments. The European Banking Authority (EBA) has officially confirmed the postponement until the 31st of December 2020.

Online merchants fear that the implementation of the SCA Directive will lead to a higher number of purchase cancellations and that the flourishing internet trade will generally slow down. After all, the double security check will raise the complexity regarding  online shopping for customers.

To be compliant with SCA, consumers need to prove their identity with at least two of the following three factors:

  • Using something they know, such as a pin code that is sent to a mobile phone.
  • Using something they own, like a mobile phone or tablet.
  • Or with a biometric feature, such as a fingerprint or face scan.

Study shows: Consumers and retailers are barely prepared

How poorly retailers and consumers are prepared for the forthcoming changes at this point is shown by a recent study conducted by the software provider Riskiefield, which surveyed 2000 consumers and 200 retailers in Germany, Great Britain, Spain and France. According to the results, 73 percent of consumers have never even heard of the new PSD2 payment directive. In addition, about one in three respondents (35 percent) stated that he or she would cancel an internet purchase if it required further proofs of identification, as it would be the case with PSD2. The survey also illustrates that almost one third of German retailers surveyed (32 percent) have not yet taken any measures to counteract possible negative consequences of SCA. In Great Britain, Spain and France, the industry colleagues appear to be better prepared: There, only 18 percent of retailers claim to not have made any preparations yet.

Speaking with banks, payment service providers and customers

Online businesses that have not yet taken action regarding the new rules should soon make themselves familiar with the changes and actively seek the dialogue with banks, payment service providers and credit card institutes. The discourse can clarify the extent to which merchants will need to adapt payment processes in web shops and what this will entail for their customers.

Payment processes should be as simple and understandable as possible in order to introduce consumers to the new requirements smoothly. This also includes stating explicitly in which situations, why and how customers will need to authenticate themselves in the future.

Tip: Offer a variety of payment options

In addition, customers’ payment preferences can generally vary depending on their location and history with the company. Further, individual clients usually have different payment preferences than business customers. Dealers are therefore well advised to offer as many different payment options as possible. From cardless payment methods and biometric security via mobile wallets to the 3D Secure 2 process, which guarantees strong customer authentication for online credit card payments, there are various options for SCA-compliant payment.

Conclusion: Early implementation pays off

Due to the new EU regulation for a better security of online payments, the European online economy faces a complex challenge. Those who manage to offer secure, user-friendly and SCA-compliant payment options and to educate customers accordingly could significantly increase their competitive advantage. Further, dealers should keep in mind that the final phase of SCA implementation – after the extension of the deadline – will fall into the high-turnover Christmas business. In order to avoid cancellations of purchases and a resulting loss of sales, it is advisable to implement the requirements rather sooner than later.

Related Posts