PSD2 mandates that banks and eCommerce sites need to comply with strong customer authentication. It is mandatory in the EU/EEA (includes Switzerland, England and Norway) but not outside of these areas. It, however, impacts merchants or cardholders when one or the other falls within the EU/EEA area.
The PSD2 regulation is about opening up the payments landscape and driving innovative products that will ultimately enhance the way consumers engage with online merchants and solve conclusively the problems which have burdened CNP payments for the last two decades.
From an industry perspective, the PSD2 and SCA regulation is a good thing: it brings about changes that many merchants, concerned only with the day-to-day, would otherwise resist. Merchants do not like change because of cost and distraction, but change is required to achieve the next spurt of growth, and this cannot happen without solid foundations; the current foundations are eroded by fraud paid for by consumers. The consumer is the ultimate winner and the whole ecosystem will benefit as a result. It is possible to build a win-win scenario.
One thing that we can certainly expect to see is a sharp reduction in fraud. Chip & PIN for card-present transactions has been a great success, but fraud for CNP transactions without the use of 3DSecure remains too high. SCA will stop the funding of criminals and make sure that online payments are secure by design.
With eCommerce transactions, fraud remains high because of the lack of personal identification between the buyer and the retailer; yet the preference for eCommerce continues to grow – online shopping appeals both to consumers who prefer a researched approach to shopping and to clients who enjoy shopping and want to do it at any time and place; quite simply, the online shopping experience has become more enjoyable than the walk-in experience.
The weak part of the whole online experience is the payment step, and this is where two approaches have butted heads for a long time: a desire to make payments transparent and seamless, pitted against the security of cardholders, with banks preferring to reject a transaction rather than take the risk.
The new SCA regulations seek to reconcile these irreconcilable approaches, recognise the need for a strong online identity, create consumer trust through a consent system and eliminate the risks which lead banks to reject payments or merchants to refuse business. The goal is to make eCommerce transactions as safe as, or even safer than, (in-person) card-present transactions.
The old authentication approach requires a challenge each time, typically a password or code, so the payment flow requires the cardholder to always interact and complete the payment process. The new SCA regulations work on a risk-based approach so that in most cases, passive authentication on device and IP addresses, combined with merchant and cardholder spending patterns, is enough to approve a transaction in confidence and without any interruption.
Challenges will be required from time to time, with OTP over SMS for simple phones and push notifications and biometrics for the majority of cardholders using a smartphone. The experience is already very familiar to cardholders.
The new risk-based approach to authentication brings together all the information from the banks, the card schemes, the merchant and the consumer to create an invisible authentication process. The goal is frictionless SCA authentication – invisible to the end-user, whilst assuring the merchant and the bank that the user is who they say they are.
The challenge with SCA is to ensure proper implementation and delivery in a consumer-friendly way; failure to do so will cause consumers to abandon sales. There’s a genuine concern across the industry that the regulations are too onerous and may be a burden. The EBA has negotiated long and hard with many parties and flexibility has been added judiciously, a delicate matter that can easily sabotage all the good intentions on which SCA is built. But the most important players now are the merchants – it is up to them to embrace SCA, understand the great benefits it brings to their business, and implement 3DSecure to exploit it to the maximum. Merchants have been given an opportunity to influence the outcome of a payment like never before; those that understand the new payment paradigm which SCA brings will be the winners.
At Endeavour, we combine experience with years of working very hard to provide the best 3DSecure platform in close collaboration with payment processors and payment departments of our online retail customers.
If improving approved transactions by 14% is important to you, contact our specialists to understand how our custom integration can help you create a frictionless experience.