Have you prepared for the implementation of Strong Customer Authentication (SCA)?
As online and digital payments have continued to grow in popularity over the past few years, so, unfortunately, has the risk of fraud. SCA intends to combat this risk by providing a more secure trading environment for businesses and their customers.
To do so, a transaction must meet two out of three authentication measures, commonly referred to as multi-factor authentication, from the following categories:
- Biometric—such as a fingerprint or voice recognition.
- Knowledge—something like a unique passphrase or identification number.
- Possession—such as the mobile device registered with the issuing bank or a hardware token.
Businesses attempting to process transactions that have not been successfully authenticated after the enforcement date will start to see declines from issuing banks.
Not only will this negatively impact your customers' experience, it could also drive additional purchase abandonment.
SCA preparation checklist
The deadline for enforcement was 14th March. Retailers who have not met this deadline can face various fines and penalties. Taking the following steps as soon as possible will help you avoid any negative impacts:
1. Review your approach to payments
SCA covers both customer present and not present payment scenarios. Complete a check of how you're currently accepting payments and through which channels to ensure you're meeting new compliance requirements.
A number of scenarios, such as Merchant Initiated Transactions (MIT) and Mail Order / Telephone Order (MOTO), fall outside the scope of SCA. Although these do not require SCA, it's important to configure these payment requests correctly to avoid unnecessary declines and mitigate fraud risk.
2. Check your ecommerce implementation
Ecommerce transactions will largely be impacted by SCA. With exponential growth in online payments, especially mobile and app-based transactions, delivering the right authentication experience can deliver strong conversion rates.
For Customer Initiated Transactions (CIT), implement 3DS v2.2, the latest version, to manage customer authentications as part of your payment journey.
Although 3DS v1 meets the minimum requirements for SCA compliance, 3DS v2.2 provides better user experiences for authentication (especially for mobile commerce), gives issuers richer data sets on which to make an authentication decision, and enables the use of exemptions as outlined within the SCA regulations.
Together, these give you the best chance to remove friction from your customers' payment journey and maximise authorisation rates.
3. Check your hardware for face-to-face transactions
You'll need to check if your hardware is up to date.
4. Keep your staff and customers informed
Whether you take payments face to face, over the phone or online, be sure to keep your staff and customers informed of changes to payment regulations.
Most customers are familiar with contactless transactions. Issuers may require chip-and-pin authentication in situations where your customer exceeds a certain number of contactless transactions or reaches a certain spend threshold without prior authentication. This will all be tracked by the cardholder's issuer, so you don't have to make any changes.
It's important to reassure your customer that when chip-and-pin authentication is required for contactless transactions, extra checks are being completed for their protection.
Similarly for ecommerce transactions, flagging authentication requirements reassures customers that extra steps are being taken to protect their online purchase.
If you have any other queries please contact us.