PSD2 SCA: Three steps you can take to reduce payment friction

March 29, 2021
3 minute read
Mari-Anne Bayliss
Mari-Anne Bayliss
Cybersource | Fraud Solutions for Europe, the Middle East and Africa

With consumers more reliant on digital channels than ever before, enforcement of PSD2 SCA has brought some additional challenges to merchants in meeting the increased demand.

As a recap, since 1 January, 2021, European markets have enforced–or are enforcing–the Strong Customer Authentication (SCA) requirement of PSD2 for eCommerce.

So far, so good: Most European issuing banks are ready for SCA. The use of EMV 3DS (the latest version of the 3 D Secure protocol) continues to rise, and authenticated approval rates are in line with expectations. However, with 50 percent of UK consumers unaware of SCA changes , merchants must be prepared to comply with and leverage online payment regulations while also maintaining customer experience. 

Less friction, better experience

As we look ahead, I’d recommend merchants focus on some key areas to deliver an optimal payment experience. My top three tips are:

  • Upgrade to EMV 3DS. Merchants who haven't yet upgraded to the latest version should do so.. This can help you minimize the potential for SCA friction by using the latest 3-D Secure authentication technology. Customers get a better authentication experience, and merchants gain peace of mind that they’re delivering frictionless payment authentication across a range of devices.
  • Build your SCA exemption strategy. Beyond in-scope remote electronic payment transactions below €30 being exempt from SCA, consider developing an SCA exemption strategy in consultation with your payment gateways and  acquirers. This can help you minimize possible SCA challenges. For example, both the acquirer and issuer could apply what’s known as the "transaction risk analysis (TRA) exemption: Merchants can request such exemptions with pre-agreement from acquirers. I recommend you start here.
  • Flag out-of-scope transactions. You should flag transactions correctly, so that issuers don’t decline them for SCA. This requires some thought. For example, transactions that are classed as one-leg-out (OLO –i.e. transactions where the issuer or acquirer is outside of Europe), SCA should be applied on a best efforts basis, but you may still want to authenticate them if required.

How to design an optimal SCA challenge process

It can seem like a lot to take on board. I’m often asked, how would you design an optimal SCA challenge process? How can you identify transactions that don’t require SCA? There are multiple considerations.

This is where we can help. We have the people and the tools to help you offer the fast, flexible payment experiences needed for today’s SCA world. As an example: our customers have traditionally used our Decision Manager solution to screen for fraud post-authorization. Now, they're starting to use Decision Manager with Payer Authentication to screen transactions pre-authorization. This means they can use built-in exemption rules to analyze a transaction's risk level, and decide whether to request an SCA exemption. Which means a better experience.

Find out more

To find out how we can help you support PSD2 SCA compliance, minimize the need for SCA challenges and deliver the simple experience your customers expect, please get in touch or visit our SCA resource page.