The SCA - or Strong Customer Authentication - is a European law, which introduced new regulatory requirements for online and contactless transactions in the European Union. The law officially came into effect on 14 September, 2019, however the final deadline to roll out changes has been pushed back to 31 December 2020, with a few exceptions for an even later time in 2021
The new cut-off time is quickly approaching. That said, implementing SCA-related changes can prove to be too much of a challenge, considering many vendors are still wrestling with the consequences of the pandemic as well.
"What should not be overlooked is that SCA encompasses not just 2FA, but much more, including dynamic linking and proper messaging to the customer about operations being authorized," notes Marius Galdikas, CTO at ConnectPay.
Strong Customer Authentication (SCA), the latest security standard in the EU’s payments regulation has been keeping market players on their toes. Business readiness to support it is becoming an increasingly pressing matter due to the rapidly approaching enforcement deadline, as well as rising levels in e-commerce fraud.
For those out of the loop, the SCA law states mandatory two-factor authentication for all online transactions and contactless payments made within the EU. Given the fact that, globally, e-commerce scams have been rising, the new reform is expected to provide an extra layer of security for customers.
In April 2020, the fraud attempt rate based on transaction value rose by 13%, compared to the same timeframe in 2019, emphasizing the favorable timeliness of the regulation. However, without proper preparation on both ends of the transaction, the enforced requirements are likely to result in increased friction, rather than weeding out scammers.
Marius Galdikas, CTO at ConnectPay, notes that there are still many questioning why and how exactly will this affect them. Businesses and PSPs were not ready to handle the high-volume traffic alongside setting up the new safeguards, hence the EBA’s permitted delay. A number of them, mostly SMBs, are still unaware of the SCA’s true impact on their activities, he stated.
To reduce the number of confused shoppers, declined payments, and abandoned shopping carts, Mr. Galdikas advises getting on the path of SCA compliance should be the north star of every vendor’s current roadmap to prevent losing a great deal of sales. "What should not be overlooked is that SCA encompasses not just 2FA, but much more, including dynamic linking and proper messaging to the customer about operations being authorized."
Although SCA compliance should be at the top of everyone’s mind, it is overshadowed by the current global landscape. Vendors are still wrestling with the consequences of the pandemic, trying to raise profits after months of imposed lockdown, and, with the deadline closing in, some described this European Commission’s law as kicking retailers while they’re down.
That said, in April the global e-commerce retail sales reached 209 percent year-over-year revenue growth. According to Mr. Galdikas, despite the adverse circumstances, implementing SCA-related changes is imperative in terms of avoiding the precipitous levels of fraud, rising alongside increasing profits.
And yet, there are a few moments the policy failed to observe, for example, making bulk payments transactions to multiple beneficiaries from a single bank account and the intricacies concerning their approval. Each payment order has a unique ID and requires distinct PIN codes to verify them. However, generating many PINs and fast becomes tricky, especially for banks still running on legacy systems, which are not up to speed to SCA requirements.
Mr. Galdikas notes the urge to move SCA up the list of priorities for merchants and PSPs to prevent transactional errors, mentioning ConnectPay has already done so in early May. It released an App, which covers multi-factor authentication and one-tap approvals for payments, and is also the basis for numerous innovations to come.
The new SCA requirements may still be a head-scratcher for businesses, banks and consumers alike, hence the importance to give it the necessary attention - to avoid vital steps being lost in translation.
Courtesy: ConnectPay, an online banking service provider for internet-based companies.