Last year’s PSD2, the second Payment Services Directive, was established in response to the huge growth of the online marketplace and the inevitable increase in cybercrime that came alongside it. It affects all online retailers operating or selling within the European Economic Community.
Complying with these new regulations is a must for any retailer’s continued operation, and these standards will be coming into effect in the UK, regardless of the outcome of Brexit. If the directive is successful, other countries may well follow suit, so following the evolution of PSD2 is a great idea for eCommerce operators all over the world. The rollout of PSD2 has seen many changes that have already come into effect, such as the arrival of the far less clunky 3D Secure 2.0, a greater capacity for retailers to collect strategic information on their customers while following obligatory consent practices, and the need for banks to provide Application Programming Interfaces, allowing Service Providers to create innovative solutions for the continued improvement of retail flow.
The significant milestone currently approaching is the September 14th deadline, by which all eCommerce shops must have Strong Customer Authentication (SCA) measures in place. As an online retailer, this is the moment to sit up and pay attention, as failure to meet the deadline will potentially result in substantial fines. If you haven’t taken steps to ensure you meet this deadline, now is the time to get on the case.
What Does Strong Customer Authentication Mean?
SCA is intended to reduce online fraud and ultimately means that multiple identification factors must be met at the point of purchase for a payment to be authorised. To meet SCA, two out of the following three factors must be provided:
- Something the customer knows, such as a password or PIN
- A physical thing that the customer has, such as their mobile phone
- A biometric means of identification, such as a fingerprint or facial recognition
Starting from September 14th, except for some specific and limited transactions, any “customer-initiated” payment that does not meet SCA criteria will be declined. Customer-initiated simply means a payment in which the customer is entering their payment information at the point of sale, so this will cover the majority of eCommerce transactions. Merchant-initiated transactions, in contrast, come in the form of direct debits, standing orders, or pre-authorised payments for in-platform plugins, and will not require SCA. For online retailers, customer-initiated payments will likely encompass most, if not all, of their transactions.
What Challenges Do You Need To Prepare For?
The downside to be aware of is that the arrival of SCA will mean a potentially slower checkout experience for online shoppers, especially those who are used to one-click ordering and other speedy forms of checkout. This extra security layer may add friction to the flow of the user’s experience, and as such, it is important to highlight to your customer base why these changes are being implemented.
Highlighting that SCA is intended to reduce the occurrence of online fraud and protect customers from risks while shopping will help to retain customers and complete sales, whilst your users transition to a new way of doing things. Preparing a strategy for handling any potential complaints during the transition period will also ensure that customer satisfaction is maintained during the switch.
What Advantages Will This Element Of PSD2 Bring?
Incidents of online fraud have predictably increased in line with the boom of online retail, and SCA is intended to put a major damper on this problem. Eliminating all online fraud is an unlikely achievement, but PSD2 will go a long way towards improving customer safety, creating the means for service providers to develop new ways of protecting online shoppers. This evolution will allow you as a retailer to build and maintain trust with your customer base.
PSD2 is also intended to create increased competition between payment service providers that will mean greater payment choices for retailers to offer, and more competitive pricing, which can in turn be passed on to customers. This dynamism in the payment market will stimulate improvements in the SCA process and greater potential for retailers to gain useful insights into the shopping needs of their visitors.
What Do You Need To Do Next?
Many payment service providers will also be offering their own built-in SCA solutions. If your payment service provider does not, this may be the moment to consider switching, or adding alternative providers to your shop, giving greater choice to your customers.
For PrestaShop retailers, the PrestaShop Addons Marketplace offers a substantial range of modules that will enable 2-factor authentication within your online shop. Each offers unique features, so you will be able to find the perfect SCA solution for your own unique checkout process and business model, one that slots neatly together with your preferred payment provider: https://addons.prestashop.com/en/
WooCommerce retailers can read a lot more here: https://woocommerce.com/posts/introducing-strong-customer-authentication-sca/#
As mentioned earlier, there are some circumstances that offer an exception to the 2-factor rule, but these are limited in scope. Certain low value transactions may be exempt if they meet certain thresholds when it comes to the fraud safety assessment of the shopper’s bank and the payment service provider, but even in such cases, every fifth transaction will still engage a 2-factor security requirement. Some retailers may be eligible to side-step SCA by demonstrating that they have other anti-fraud measures in place, but with substantial penalties and fees at play, this approach is muddy water in legal terms and therefore best avoided without specialist legal guidance.
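The two-of-three rule and the low-value exemption described above can be expressed as a small decision function. This is an added illustration, not code from PrestaShop, WooCommerce or any payment provider; the class and field names, the factor table, the `low_risk` flag and the value limit passed in are assumptions, since the article gives no figures.

```python
from dataclasses import dataclass

# The three categories listed in the article. The factor names are illustrative.
CATEGORY = {
    "password": "knowledge", "pin": "knowledge",
    "mobile_phone": "possession",
    "fingerprint": "biometric", "face": "biometric",
}

@dataclass
class Payment:
    customer_initiated: bool
    amount: float
    verified_factors: tuple = ()  # factor names verified at checkout
    low_risk: bool = False        # assumed flag: bank/PSP fraud assessment passed

def distinct_categories(factors):
    """Categories covered by the verified factors; unknown names are ignored."""
    return {CATEGORY[f] for f in factors if f in CATEGORY}

class ScaGate:
    """Hypothetical per-customer gate for the rules the article describes."""

    def __init__(self, low_value_limit):
        self.low_value_limit = low_value_limit  # assumption: supplied by caller
        self.exempt_streak = 0                  # exempt payments since last SCA

    def decide(self, p):
        if not p.customer_initiated:
            # Direct debits, standing orders, pre-authorised payments.
            return "allow:merchant-initiated"
        # A password plus a PIN is one category, so it does not satisfy SCA.
        if len(distinct_categories(p.verified_factors)) >= 2:
            self.exempt_streak = 0
            return "allow:sca"
        exempt = (p.low_risk and p.amount <= self.low_value_limit
                  and self.exempt_streak < 4)  # every fifth must use SCA
        if exempt:
            self.exempt_streak += 1
            return "allow:low-value-exempt"
        return "decline:sca-required"
```

The detail worth noticing is that the check counts categories, not factors: two knowledge factors still leave the payment declined.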
Moving forwards, we would recommend embracing SCA with a strong and simple customer information campaign, allowing your eCommerce shop to grow while protecting your customers and meeting your legal obligation under PSD2.