According to the European Banking Authority (EBA), eCommerce merchants have received the deadline of December 31, 2020 to comply with strong customer authentication (SCA) protocols. The EBA is well aware that complete SCA migration requires a consistent approach, and that eCommerce merchants may not make the full transition by the date stated.
SCA is not merely a description of authentication standards, under the Second Payment Services Directive or (PSD2), SCA is now officially the law.
In the European market, the SCA protocols were to take effect on September 14, 2019. These rules have the potential to completely change how business is conducted online.
What is Strong Customer Authentication?
In October 2015, the European Parliament approved a new set of regulations for the entire payments industry. The Revised Payment Service Directive or PSD2 governs how third-party services like Google and Facebook can engage in roles previously restricted only to banks.
As of September 14, 2019, merchants need to follow strong customer authentication standards when they conduct any eCommerce transaction within the European market. Basically the protocol requires that the merchant add an extra layer of protection within the checkout process.
Just requiring the credit card number, address, and CVV is no longer sufficient. Merchants are now required to verify the customer’s identity by using two of the following three factors:
- Possession: Something in the user’s possession, such as a payment card.
- Knowledge: This is something the customer knows, like a 3-D Secure code tied to the account.
- Influence: Something the customer inherently is, like a fingerprint or other biometric impression.
By law, the merchant needs to verify two of the three aforementioned identifiers in order to satisfy the cardholder’s issuing bank.
In Western Europe alone, eCommerce sales are expected to grow at a 17.3% compound annual rate (CAGR) between 2018 and 2022. By that time, online sales on the continent pass $1 trillions annually.
However, as consumer purchases grow, so will fraud.
The reason SCA was established was to protect European consumers from losing billions annually due to online fraud. Although, in theory, the motive behind the law is good, merchants stand to suffer the negative ramifications…more friction during checkout.
More friction during checkout essentially means reduced conversion. One clear example was when the Indian Government passed a similar regulation back in 2014. Certain businesses revealed that they experienced an overnight conversion slump of more than 25%. A 25% drop in the European market could equate to a potential €150 billion loss!
What’s more concerning is that many retailers remain clueless as to how this new regulation can bring catastrophic results. In December 2018, data published by MasterCard revealed that up to 75% of European Merchants are still in the dark about SCA and how they should prepare for it. More than 50% of those surveyed said they will not be ready before the deadline or have “zero plans to support” SCA standards.
The Answer? Develop “Positive Friction”
Avoiding friction is practically impossible. Instead of resisting, it is best to redirect it in a positive way. Subscription merchants can create friction that is barely noticeable to the buyer, but deters fraud.
For example, positive friction can include:
- Verifying the CVV at checkout
- Asking buying to verify their order before finalizing
- Making account creation optional
In Conclusion
Strong customer authentication standards are here to stay. It would be vital to begin the process of implementing all the necessary changes now to ensure that your business experiences a smooth transition and avoid the negative ramifications.