Businesses operating in the eCommerce, airline ticketing, money transfer, and banking services industries are projected to lose USD$ 48 billion every year by 2023 due to fraud. Strong Customer Authentication (SCA) was introduced within the last decade as a means of fighting back against these rising numbers to protect both businesses and consumers.
Due to the pandemic and other extenuating circumstances, the deadline for SCA adoption has been delayed several times. The Financial Conduct Authority (FCA) in the UK most recently announced that the deadline has been pushed back to March 14th, 2022.
This extension gives merchants more time to get their systems on board and compliant. However, we can also expect to see confusion as inconsistencies abound across the industry. Different countries and regions are experiencing different delays, and certain rules and regulations are falling by the wayside.
Unfortunately, this uncertainty becomes a breeding ground for fraud and bad actors. Acquirers need to play a pivotal role in ensuring that merchants understand SCA and become compliant in time for the deadline.
What is Strong Customer Authentication? Has It Been Effective?
Strong Customer Authentication is a formalized set of requirements imposed on businesses. As the name implies, SCA requires an extra layer of authentication during the checkout process. In addition to verifying the seller’s card number, address, and CVV, the cardholder’s identity will now be verified according to at least two of the following three factors:
- Possession: Something the user possesses, like a phone or payment card.
- Knowledge: Something the user knows, like a 3-D Secure code attached to an account.
- Inherence: Something the user inherently is, like a fingerprint or other biometric impression.
In April 2019, 3-D Secure Version 2.0 was mandated in Europe with the intention of helping online businesses streamline SCA implementation. However, many merchants were hesitant to fully adopt these new security measures. They feared that it would increase friction during the checkout process and alienate customers.
The resistance that we’re seeing from merchants isn’t entirely unfounded. Examining the concerns raised across the payments space produces three key findings:
- Authentication success rates are low. Microsoft did a preliminary test on the results of SCA in December 2020. They were able to authenticate only 76% of browser-based transactions. For app-based transactions, that figure dropped to 48%.
- Authentication abandonment remains high. When asked to verify themselves according to SCA requirements, customers abandoned 15% of browser-based transactions, and 25% of app-based transactions.
- Challenge rates remain high. Challenge rates for browser-based transactions sit at 72%, while for app-based transactions, the challenge rate rests at 73%.
How Financial Institutions Can Help
Clearly, the journey toward Strong Customer Authentication compliance has had its disadvantages.
While the latest delay to SCA adoption allows merchants more time to prepare, it’s important that financial institutions spend this time helping merchants through the process. They can play their part by implementing the following actions:
- Education: Acquirers can help merchants navigate the actions that are required to ensure SCA application, as well as prevent unnecessary declines.
- Explain the Outliers: Transactions that fall outside the purview of SCA, such as merchant-initiated transactions, will require a nuanced approach. Merchants will need to understand how to handles these situations and safeguard against unnecessary declines.
- Help with Rescreening: Rescreening orders can help authenticate buyers who would otherwise have been rejected, which allows merchants to recover valid sales.
- Emphasize the Customer Experience: It’s more important than ever to provide a positive customer experience and streamline all interactions with buyers.
- Distinguish Between “Positive” and “Negative” Friction Points: Some friction is unavoidable with SCA. However, not all friction is negative. Positive friction creates a reasonable degree of friction that is hardly noticeable from the buyer’s perspective, but which is effective at stopping fraud.
There’s no time for complacency. As we approach SCA deadlines, financial institutions must prepare to offer ongoing support to merchants. All parties involved in the transaction process need to remain vigilant in the fight against fraud and do their part to ensure a secure and smooth transition to full SCA adoption.
Have additional SCA questions? Our recently-published guide, The State of SCA Adoption in 2021, offers an in-depth look at strategies to help financial institutions and merchants make the transition to a post-SCA environment. Request your free copy today.