With consumers more reliant on digital channels than ever before, enforcement of PSD2 SCA has brought some additional challenges to merchants in meeting the increased demand.
As a recap, since January 1, 2021, European markets have enforced–or are enforcing–the Strong Customer Authentication (SCA) requirement of PSD2 for eCommerce.
So far, so good: Most European issuing banks are ready for SCA. The use of 3DS (the latest version of the 3-D Secure protocol) continues to rise, and authenticated approval rates are in line with expectations. However, with 50 percent of UK consumers unaware of SCA changes , merchants must be prepared to comply with and leverage online payment regulations while also maintaining customer experience.
Less friction, better experience
As we look ahead, I’d recommend merchants focus on some key areas to deliver an optimal payment experience. My top three tips are:
- Upgrade to 3DS. Merchants who haven't yet upgraded to the latest version should do so. This can help you minimize the potential for SCA friction by using the latest 3-D Secure authentication technology. Customers get a better authentication experience, and merchants gain peace of mind that they’re delivering frictionless payment authentication across a range of devices.
- Build your SCA exemption strategy. Beyond in-scope remote electronic payment transactions below €30 being exempt from SCA, consider developing an SCA exemption strategy in consultation with your payment gateways and acquirers. This can help you minimize possible SCA challenges. For example, both the acquirer and issuer could apply what’s known as the "transaction risk analysis (TRA) exemption: Merchants can request such exemptions with pre-agreement from acquirers. I recommend you start here.
- Flag out-of-scope transactions. You should flag transactions correctly, so that issuers don’t decline them for SCA. This requires some thought. For example, transactions that are classed as one-leg-out (OLO –i.e. transactions where the issuer or acquirer is outside of Europe), SCA should be applied as best your business can manage, but you may still want to authenticate them if required.
How to design an optimal SCA challenge process
It can seem like a lot to take on board. I’m often asked, how would you design an optimal SCA challenge process? How can you identify transactions that don’t require SCA? There are multiple considerations.
This is where we can help. We have the people and the tools to help you offer the fast, flexible payment experiences needed for today’s SCA world. As an example: our customers have traditionally used our Decision Manager solution to screen for fraud post-authorization. Now, they're starting to use Decision Manager with Payer Authentication to screen transactions pre-authorization. This means they can use built-in exemption rules to analyze a transaction's risk level, and decide whether to request an SCA exemption. Which means a better experience.
Find out more
To find out how we can help you support PSD2 SCA compliance, minimize the need for SCA challenges and deliver the simple experience your customers expect, please get in touch or visit our SCA resource page.