Revised Payment Services Directive
According to UK Finance’s ‘Fraud the Facts 2019’ report, 2018 demonstrated advanced finance security systems stopped more than £1.6 billion of unauthorised fraud. But despite this, criminals successfully stole £1.2 billion through fraud and scams last year.
PSD2 & SCA
The need to reduce fraud, make online payments more secure, and improve consumer confidence when making transactions online is the reason behind new legislation in the EU. The Revised Payment Services Directive (PSD2) contains new requirements for the authentication of online payments, known as Strong Customer Authentication (SCA).
Even though full enforcement is not set until March 2021, it is vital for online retailers to understand the new regulation and start preparations sooner rather than later as illustrated in a 2018 Mastercard survey which found that 86% of online businesses in Europe were not yet SCA compliant, while 75% weren’t even aware of the upcoming legislation.
Protecting Your Financial Transactions.
What is SCA?
Strong Customer Authentication will apply to transactions where the business and cardholders’ banks are in Europe and will still apply to the UK after Brexit. A form of two-factor authentication, SCA adds extra levels of authentication into the online checkout process by requiring at least two of the following to be entered by the consumer:
Something they know: for example, an account password
Something they have: such as receiving a code via their phone
Something they are: for example, a fingerprint or face recognition
SCA will apply to the majority of online card payments and bank transfers, with many banks having implemented some changes already since April 2019.
How does it work?
To support the new legislation, a new version of 3D Secure 2.0 (the VISA fraud initiative which takes consumers to a separate pop-up to confirm identity) is being launched to support SCA.
All good Payment Service Providers (PSP), which offer online services that allow e-commerce stores to accept electronic payments, and banks will be making changes to ensure they and the businesses that use their products are compliant.
This means that stronger authentication is introduced to combine something the user knows, such as a password or PIN, with something the user has, such as a code generated by a smartphone app, or with a biometric identifier like a fingerprint or facial recognition. This will result in unique authentication codes for every transaction that will link the customer and the transaction amount.
These requirements were created to combat card-not-present (CNP) fraud that has been on the rise for the past decade following the introduction of chip-enabled cards. According to European Central Bank statistics, card-not-present fraud steadily increased every year until 2016, when it accounted to 73% of the total card fraud losses related to Euro payments.
How will this impact your customers?
There are some exemptions in SCA and the onus will lay with your payment processor or bank in most cases. If your business handles payment directly online then you may need to make changes to your checkout process. However, either way, the new process will add an extra step, and time, to the payment process.
It is expected that this will have a knock-on effect on conversion rates, causing some drops while online consumers become accustomed to inputting that second piece of security information. The launch of a similar piece of legislation in India saw conversion rates drop by 25% overnight across impacted businesses.
Even if your suppliers are going to ensure your business is compliant, it is important to spend time thinking about how the customer journey will be impacted through your website’s checkout process as well as understand the regulatory requirements.
In the UK, around one-third of consumers have no knowledge of upcoming changes resulting from SCA. Informing those customers of these changes in advance of them coming into effect could ensure a smooth transition when changes take effect because sudden unexpected changes to their purchasing experience could result in a noticeable conversion rate drop off.
CentriVault has both the necessary compliance knowledge and customer insights through specialist CX partnerships to help ensure your business handles this change and not suffers the kind of conversion drops experienced in other roll-outs.