As the rollout of Strong Customer Authentication (SCA) standards continues in the European market, it’s important to acknowledge that there’s a trade-off involved. Although intended to protect consumers—as well as businesses—against fraud, SCA unavoidably introduces friction into the transaction process.
As noted in a new report published by Fi911, cart abandonment due to new friction points introduced may result in losses that are exponentially greater than the cost of any fraud prevented. Preliminary tests cited in the report found that just 76% of browser-based transactions, and only 48% of app-based transactions, could be verified using SCA. Furthermore, the requirements led 14% of browser-based shoppers, and one-quarter of app-based shoppers, to abandon their purchases.
There are several other roadblocks to consider here as well. Confusion about SCA liability, for instance, might lead to redundancies and oversights, or uncertainty about SCA applicability with different regions and transactions. There’s also the risk of complacency in other areas of fraud management.
Despite these drawbacks, the report upholds several opportunities for financial institutions to make the most of SCA protections while still keeping abandonment, redundancy, and rejections at a minimum.
TRA & Exemptions to SCA Requirements
There are a number of exemptions in place under Strong Customer Authentication rules. Sellers can skip SCA verification for merchant-initiated transactions, as well as any transactions involving mail order, a seller whitelisted by the cardholder, or a corporate or virtual card. These are just a few possible cases outlined.
Perhaps the most significant exemption relies on Transaction Risk Analysis, or TRA. This methodology lets merchants analyse cardholder behaviour to identify fraud threats. Transactions representing a degree of minimal threat can bypass SCA verification.
TRA is an invaluable asset. However, whether or not a merchant can use TRA is dependent on the financial institution.
Acquirers must demonstrate their ability to keep fraud instances below a predetermined acceptable threshold. This is determined based on fraud instances as a share of total transactions processed over the previous 90 days (expressed in basis points). For instance, acquirers may deploy TRA on CNP transactions valued at up to €100 if that institution saw a fraud rate no higher than 13 bps as a share of total transactions. Other, stricter thresholds apply for higher-value transactions, as well as for credit transfers.
Segmenting Friction, Educating Merchants
We must acknowledge that some friction is going to be inevitable with the Strong Customer Authentication rollout. However, institutions may be able to leverage friction to their advantage through merchant education.
It’s important to distinguish between friction that slows down processes for no reason, and that which serves as a valuable deterrent against fraud, abuse, buyer’s remorse, and other issues. Broken links, slow service, and unnecessary, redundant fields during checkout are all examples of the former. In contrast, asking buyers to verify purchases before finalizing is an example of “positive” friction. The same applies for backend fraud tools like geolocation, velocity limits, and fraud scoring.
Institutions can play an important part here by helping merchants conduct a full overview of the customer experience. There are dozens of potential errors that can cause chargebacks, most of which can be avoided with minor adjustments to merchant policies and practices.
Cooperation from financial institutions will be crucial throughout this process. While SCA will introduce friction, institutions have the power to ensure that the impact is minimal, and that any negative impacts can be offset by greater efficiency elsewhere.