On 14th September 2019, as part of PSD2, Strong Customer Authentication (SCA) for authenticating online payments will be introduced. These new regulatory requirements are designed to make online payments more secure and reduce fraud and the costs associated with it. To put this in perspective, the total transaction value of the digital payments segment in 2019 in Europe is expected to amount to $730,410m, and, at a CAGR of 8.1%, is expected to hit $996,527m. Therefore, this is a large segment that will now be subjected to the new requirements, and it is important that the friction caused by them is minimised.
SCA will focus on strengthening two-factor authentication for all online payments, although exemptions are permitted to allow for “frictionless flow”. This authentication is based on the use of two or more elements categorised as knowledge (something only the user knows), possession (something only the user has), and inherence (something only the user is). SCA applies to all customer-initiated online payments in Europe, i.e. merchant-initiated transactions (such as recurring direct debits) are exempted.
Authentication today relies on 3DSecure (3DS). 3DS usually involves the inclusion of an additional step in the online transaction process, where customers are typically taken to a separate page to provide additional information, such as a one-time code sent to their phone. However, with the implementation of PSD2, a new version, 3DS2, will come into effect, designed to provide a smoother user experience. One of the ways we’ve seen 3DS2 being used is in the implementation of mobile wallets, and using biometric layers of authentication (fingerprints, face identification, etc.).
As mentioned above, though, certain transactions may be exempted from SCA, such as specific types of low-risk payments. By including these exemptions in the payments process, merchants can remove an additional step in the payment process, allowing for a smoother user experience. For more information on these exemptions, look out for our follow-up to this article outlining some of the key exemptions coming up next week.
Penser is a specialist consulting firm focused on fintech, payments and open banking. We provide strategic planning, digital transformation, and due diligence services.