The new deadline is shorter than the transition periods previously provided by many designated national competent authorities (i.e. FCA in the UK, BaFIN in Germany), following guidance from EBA published in late June. That guidance allowed for a delay in the implementation of Strong Customer Authentication (SCA) over concerns that banks, PSPs and merchants were unprepared for the change, and an outcry from eCommerce merchants over a potential drop-off in customers.
Consumer education will be crucial for the success of SCA
We are seeing big differences in terms of the industry’s preparedness for SCA. Many large retailers such as John Lewis in the UK have already been rolling out SCA measures, whereas many of the smaller retailers still seem to be at the early planning stages.
For the roll-out of SCA to be a success, we still need to see coordinated industry action, especially when it comes to the education of consumers. We did a great job as a country when chip and pin was introduced, with a concerted effort led by the government to prepare consumers for its introduction. We must see a similar education campaign regarding SCA.
Are companies going to notice a drop-off in customers after SCA?
Customer drop-off will certainly be an issue for many eCommerce retailers. According to recent research by Go Cardless, 43 percent of UK consumers believe that ‘speed and ease of payment’ is the most important factor when paying for something online. And nearly half (45 percent) of UK shoppers said they would be frustrated with a favorite brand that introduced new security processes during online checkout. A separate study by Stripe predicts that European businesses could lose as much as €57 billion in economic activity in the year after SCA debuts.
However, I believe that a friction-free shopping experience is still possible, but perhaps not in the way we have known it to date. Because if everyone is aware of the new rules, and prepared for the next ‘authentication’ request, then why would we view these new steps as ‘friction’? If we educate consumers about the new measures and related benefits now, then it will become natural very quickly.
Who should be responsible for educating consumers – banks, retailers, regulators, or a combination?
If we want to ensure that SCA achieves its aim of reducing fraud without negatively impacting consumers’ shopping experience, then all parties need to work together in order to educate and prepare consumers.
For banks and eCommerce retailers, this involves telling their customers that to maintain the level of convenience they want, they’ll need to be prepared for requests for additional authentication. They should also make it clear that these additional measures are designed to keep fraudsters at bay – being put in place for the benefit of the consumer.
Regulators should work together with governments to launch a public education campaign on the new laws. Education will be key to the success of SCA; it will help to limit the confusion consumers might feel about the new measures, which in turn could lead them to either be exploited by fraudsters, or put people off conducting eCommerce transactions.
How can firms minimize a decline in payments following SCA?
Whilst consumer education is key, it is also important that firms are ready for SCA from a technical perspective. This means making sure that they have the capabilities to enable their customers to authenticate themselves via two of the three required routes. For example, some organizations currently don’t have biometrics technology. So, if they choose ‘something you are’ as one of their authentication factors, they need to find the right solution to enable customers to do this.
Closely monitoring their fraud levels, and keeping them low, is also key as it will enable firms to apply for SCA exemptions for transactions up to a certain amount. Successfully doing this will help to provide a more seamless shopping experience for customers.
What do companies need to do to ensure their systems are ready for SCA?
3DS 2.0 goes some way towards SCA readiness – but it will not be the one element that will satisfy all circumstances. It comes back to education: Issuers will need to determine what is the best course of action to satisfy SCA for all their customers, and clearly educate cardholders about their chosen approach. If that means instructing cardholders to conduct eCommerce transactions via their smartphones, they will need to communicate this, and of course will need to tell them why. If they decide to go another route, they need to educate their cardholders what that route will be – to manage expectations and ensure transactions are not abandoned.