New Rules, New Protections
January 7, 2020
Strong Customer Authentication (SCA) implementation is fast approaching EU regulatory deadlines. The new regulation, that includes card-not-present and eCommerce payments, is due for enforcement on December 31, 2020 in the EU and September 14, 2021 in the UK.
As with any new system, SCA has its own challenges and opportunities. Both Amanda Mickleburg—Director of Fraud Management at ACI Worldwide—and Paul Rodgers—Chairman of Vendorcom—note that the UK and EU have large degrees of unreadiness for deploying these changes.
The pandemic has played a large role in magnifying existing difficulties, and addressing these problems require tools and solutions that enable payment service providers (PSP’s), acquirers, issuers, and merchants to ready themselves for uncharted territory.
Principle stakeholders at IKEA, Arvato Financial Solutions, Mastercard and Swedbank also provided their points of view on this sea wave of change. IKEA and Mastercard, for instance, have upgraded their compliance standards with EMV 3D Secure (3DS2), creating better customer experiences through fraud prevention and secure information exchange.
What Changes Mean
The new authentication protocol (3DS2) is the key component driving the industry’s shift to more stringent validation measures. The resounding advice is that merchants ensure they have EMV 3DS operational within the coming month(s) given its efficacy and the upcoming deadline.
There are exemption measures, of course, many of which merchants and issuing banks are lobbying to take advantage of: deferred payments (buy now, pay “later”), bank transfers, low value payments and recurring payments, among others. These deadlines beckon a new era of digital fraud management and online consumer protections.
ACI Worldwide’s Karin Boettger conducted a full-length interview with many of the stakeholders discussed above. Here are a few compelling and insightful responses:
Katrin Boettger: The SCA deadlines are getting closer. What do you perceive to be the general readiness of the industry, both in Europe and in the U.K.?
Amanda Mickleburgh, Director – Fraud Management, ACI Worldwide: It is fair to say that right now there is still a large degree of unreadiness in the market. SCA is a “big beast” – in terms of legislation, compliance requirements and technical enhancements that organizations need to be make. The current pandemic has made it difficult for many businesses to complete
deployment and conduct enough testing in time for the deadlines, which further compounds the challenge! But we are working actively with our customers and offer them a series of tools and solutions to ready themselves, whether payment service providers (PSPs), acquirers, issuers or merchants. This addresses SCA as well as the issue of SCA exemptions.
Paul Rodgers, Chairman, Vendorcom: I agree that there is still a lot to do for all of us. The industry is very complex and diverse with an interdependent ecosystem. Looking at it in its totality, the level of preparedness is relatively low. But preparations have been stepped up by the national competent authorities across Europe, particularly in the U.K., which is really moving the agenda forward.
KB: From a merchant’s perspective, do you think everyone understands the role they now play in applying exemptions and maybe the control they have in being able to define some of those exemptions?
Johan Carlsson, Commercial Manager, IKEA: At IKEA we have two focus areas. First of all, there’s compliance, so we are working hard to upgrade to the EMV 3D Secure (3DS2) standard. Second, is it to offer a better customer journey. But by doing that, we also use the opportunity to employ 3DS2 and exchange more information, leveraging this information for improved fraud prevention. We leave all the exemptions to issuing banks at this point.
KB: From a financial backend perspective, how can value added solution (VAS) providers support merchants with exemption strategies?
Ralf Hornberger, Global Strategic Partnerships, Arvato Financial Solutions: Our merchants show a high level of creativity right now. What we are seeing is that many are offering deferred payments, for example, especially larger ones, so the customer does not have to actually pay during checkout. They offer” buy now, pay later” options, but also ask people to do bank transfers. Obviously, these are all strategies to circumvent the new rules, to deal with the new situation and keep their businesses running.
KB: Michael, maybe you can offer us an overall picture of the level of readiness as perceived by the Mastercard network, given that you have the luxury of seeing the whole picture end to end?
Michael Sass, Vice resident – Product Management, Mastercard: There is some good news and some bad news that really requires us to focus on specific segments of the market. The good news, we are seeing that roughly 80 percent of the issued cards are ready for 3DS2, the new authentication protocol that the whole industry is shifting towards. The other important milestone we have seen is that 3DS2 performance has massively improved over the last few months and is now actually better than 3DS1.
Merchants should now really focus on deploying EMV 3DS with gusto, because in three months 3DS is going to be a requirement as part of PSD2 and EMV 3DS works better than 3DS1.
To read more, visit ACI Worldwide: https://www.aciworldwide.com/insights/expert-view/2020/october/strong-customer-authentication-new-rules-will-trigger-profound-changes-in-many-organizations?mkt_tok=eyJpIjoiWmpWbVkyRmlOMkpoTVRoaCIsInQiOiJ0ZmdDUStEMEZOdUYwSFBid0tiT0ZEUmRlVlFzOTVkcnIyQ1RVQlRMc1N2ZmhCQWF6RDBPcEhGYllIZFVtdDdWYURlZ2J1UGkyXC9Kbk1WbkZ0N1hXeHVoZHI3bG94a0Q3cEtYV2l1K1N3VUI1N1Y4S2UxRkhYRHRDRE84dEdsVFEifQ%3D%3D