New requirements for authenticating online payments will take effect in Europe on the 14th of September 2019. The new regulations are a part of the second Payment Services Directive (PSD2). Let’s take a closer look at these new requirements known as Strong Customer Authentication (SCA).
What Is Strong Customer Authentication?
Strong Customer Authentication (SCA) is a new European regulatory requirement which will help to ensure the security of online payments and reduce fraud. Once SCA goes into effect, all the merchants and payment processors will need to include additional authentication in their checkout flows. SCA requires authentication to use at least two of the following elements: something the customer knows (e.g. password or PIN), something they have (e.g. phone), something they are (e.g. fingerprint or face recognition).
When Is SCA Required?
Strong Customer Authentication will be required for “customer-initiated” online payments within Europe. Therefore, most card payments and all bank transfers will require SCA. Recurring direct debits though won’t need it as they’re considered “merchant-initiated”. In-person card payments are also not impacted by the new regulation. However, contactless payments will be an exception.
You need to comply with SCA if:
- your business is based in the European Economic Area or you create payments on behalf of connected accounts based in the EEA
- you serve customers in the EEA
- you accept credit or debit cards.
How You Can Authenticate A Payment
At the moment, the majority of European cards support 3D Secure is an authentication standard. This is the most common way to authenticate your payment. Applying 3D Secure usually requires adding an extra step after the checkout. The bank will ask a cardholder to provide additional information to complete payment. A cardholder will receive a one-time code or needs to carry out the authentication through a mobile banking app.
That is to say, along Strong Customer Authentication, the new version of 3D Secure will roll out. It’ll become the main method for the payment authentication which goes along with the requirements of Strong Customer Authentication. The new version should provide better user experience and minimize some of the inconvenience that authentication adds into the checkout flow.
Such payment methods as Apple Pay or Google Pay already have payment flows with a required additional authentication step. Biometric authentication or password are a few examples of it. Thus, they’re already meeting new SCA requirements. Stripe, for example, came up with the updates for their API and new products that will let its users request additional authentication only when really required.
How It May Influence Your Business
The new regulations and requirements may hugely affect eCommerce in Europe. Adding authentication into your checkout flow means adding an extra step that customers should take. Therefore, the businesses that don’t prepare for these changes may see a significant decrease in their conversion rates once SCA comes into effect.