SCA is coming, and European merchants must be prepared

By James Pinborough, SCA Product Manager, Accertify
James Pinborough, SCA Product Manager, Accertify explores the of lost sales as the EEC deadline for Strong Customer Authentication looms...

This year we’ve seen an unprecedented shift in shopping habits. The COVID-19 pandemic led to a number of European governments instituting stay-at-home orders, and this meant many merchants needed to shift their business model, close temporarily, or accommodate an upshift in ecommerce sales as consumers increasingly shopped online. 

To further complicate matters, regulation from the European Banking Authority comes into enforcement at the end of the year on 31 December 2020. The regulation, which is called Strong Customer Authentication (SCA), requires merchants to implement a 2-Factor Authentication (2FA) solution in order to authenticate payments. The scope of SCA is limited to cards issued within the European Economic Area and there are exemptions available. The 3DS2 industry standard was created to enhance the security of payments by providing the issuer with the option to authenticate the cardholder prior to authorisation. However, as a minimum all ecommerce merchants based in the EEA should implement 3DS in order to implement SCA. 

If a merchant does not employ SCA, they run the risk of a significant number of sales being declined by the respective card issuers. 

Merchants should not only implement 3DS, they should also implement an SCA optimisation tool. This enables the merchant to maximise all the available exemptions and scope criteria, in order to ensure as many sales as possible are processed with no friction. Identifying those payments which are out-of-scope or exempt can help the merchant to provide a smoother customer experience. 

We have heard in conversations with clients and prospects that many businesses are not ready for the looming SCA deadline, or that they do not understand the responsibilities of the merchant in deploying SCA. If merchants are unprepared, they will absorb the impact of a potentially significant increase in declined sales arising from sales where the customer has not been authenticated or where this is no exemption request. 

All is not lost though: there is still time for merchants to prepare for the enforcement deadline. Ideally merchants should have their solution in place well in advance of their country compliance date, in order to make sure everything is running smoothly. Merchants should be aware of the roll-out plan for their country, which may include managed roll-out periods where an increasing percentage of non-compliant transactions could possibly be declined in the lead up to the enforcement date. Each merchant should analyse their transaction profile to understand which payments are in-scope vs out-of-scope, and which qualify for exemptions. They ought to then reach out to vendors to understand which solution best fits their transaction profile and resourcing. 

Some merchants may find that SCA has little or no impact on them due to their sales being out-of-scope. In addition, they may find that a lot of their sales qualify for an exemption based on the value. Some may determine that given their transaction profile they should request 3DS on every sale. There is no one-size-fits-all solution. Each merchant needs to identify the approach and solution that best suits them and their customers, within the bounds of SCA requirements. 


Featured Articles

Fireblocks buys tokenisation firm Blockfold amid high demand

Fireblocks is acquiring tokenisation firm Blockfold amid rising demand from tier-1 financial institutions to tokenise assets like deposits and stablecoins

Papara will focus on M&A amid expansion, neobank's boss says

Turkish neobank Papara will continue to focus on M&A as part of its European expansion strategy, Chairman Ahmed Karslı is set to tell FinTech Magazine

Wise and Swift join forces on faster cross-border payments

Wise and Swift are joining forces to empower banks and FIs to deliver more cross-border payment optionality as part of a broader long-term partnership

Marqeta: over half of people want Gen AI help with finances

Financial Services (FinServ)

Fintech super-app Rauva to acquire Portuguese bank for €30m


UK's Zopa Bank gets £75m of fresh funding from investors