How Merchants Can Meet the SCA Deadline
April 23, 2021
Having endured a turbulent year unlike any most businesses have had to experience, implementation of strong customer authentication (SCA) under the PSD2 directive is another hurdle for merchants in the EU to tackle (the UK is scheduled to follow the initiative by September 2021).
The changes set to follow suit affect all aspects of the payments value chain. Merchants, understandably, feel they are at the mercy of their acquirers for payment authorization flows.
Context is important for understanding this issue:
SCA is designed for more accurate authentication of customers to reduce fraud rates. 3DSecure2 (3DS2) is widely regarded as the best tool to meet the intended purpose of SCA—it “uses multi-factor authentication, is suitable for all devices, and avoids the same level of friction as its predecessor […] 3D Secure.”
Although the liability shift means that SCA transaction fraud will be taken by the issuer or acquirer, if an SCA exemption if applied, the party applying the exemption is liable for the transaction in the event it was not fraudulent. In certain cases, where acquirers apply the exemption, liability may be passed back to the merchant.
Without appropriate attention paid to exemptions, SCA’s impact can very negatively effect merchant profitability. Merchants would be saddled with the cost of fraud as well as the added friction of too many SCA transactions, leading to cart abandonment and customer dissatisfaction.
What Role Do Merchants Play?
Issuers must focus on ensuring cardholder checkout on merchant sites are legitimate. If unsure, customers may be asked to authenticate, which can add to consumer frustration and cart abandonment. Acquirers, for their part, are focused on minimizing fraud on their platforms. For merchants, that means handing authentication and exemption logic to acquirers and risk negatively impacting consumer experiences.
Merchants, though, have the power the influence the outcome of transactions (using exemptions to regulate friction). Here are a few steps that can be taken:
Jointly agree upon exemption strategy with acquirers to push for the exemptions you want and a comfortable level of risk
Check if you are providing enough data to justify the exemption and limit the number of authentication requests
Keep a close eye on authenticated fraud rates – you may not be liable for them right now, but left unchecked, this will become a problem
Make sure you’re offering “trusted merchant” whitelisting capabilities in the checkout process, so your regular loyal customers can use a frictionless flow.
Consider adopting a multi acquiring strategy – if your primary acquirer breaches Transaction Risk Analysis (TRA), then it will introduce friction in the checkout flow which could lead to consumers abandoning orders.
It is vital for merchants to diligently monitor fraud KPI’s and keep fraud rates low through routine and comprehensive screening. It also remains critical to ensure transactions are screened outside the scope of SCA, so as not to risk scheme fine or customer fallout.
The flow of payment authorizations has never before needed the full cooperation of the payment ecosystem. Customers, merchants, issuers and acquirers alike need one another to keep payments flowing. This means that merchants have a say and influence on the impact of SCA to keep the “balance between fraud prevention and delivering a low-friction customer experience.”