In only two days, banks, payment providers and merchants in the European Union will finally hit the controversial deadline for compliance with Strong Customer Authentication (SCA). As there are still only 25 percent of merchants that are fully aware of this deadline, there are numerous outstanding questions about what, exactly, SCA means for the EU payment ecosystem.
Merchants are reliant on their card acquirers as well as banks for answers to these questions, and it will be up to those partner institutions and services to ensure that merchants are not left blindsided by a rush of declined transactions under SCA. However, merchants will ultimately be responsible for themselves.
In the latest PSD2 Tracker, PYMNTS looks at how merchants and payment providers are responding to SCA as the rule inches closer to its official Sept. 14 deadline.
Around the PSD2 and GDPR World
While EU merchants may need to comply with SCA, they also need to make sure that consumers don’t experience unnecessary friction by the increased authentication requirements. In the United Kingdom, 70 percent of adults feel as though there are already too many identity checks required for online purchases. U.K. adults may soon be faced with the possibility of more, however, if it is decided that merchants need to add more authentication to satisfy SCA requirements. Both merchants as well as payments providers have expressed worry over how this difference in opinion may affect card abandonment and online purchase behavior.
Regulators within the EU are looking to give merchants a bit more time when it comes to SCA, despite the deadline being immovable. The German Federal Financial Supervisory Authority (BaFin) has expressed concern that the country’s merchants are not ready for the deadline, making their qualms known in a recent official opinion. The regulator is thus looking for ways that it can grant merchants more flexibility when it comes to SCA requirements.
Meanwhile, larger merchants, such as Google, that may be aware of SCA have other problems to deal with. These merchants are confronting the changes to data collection and use brought about by GDPR, and not understanding or complying with the GDPR regulation is starting to hurt their checkbooks. Google is among those companies dealing with potential fines for non-compliance, fighting once more with regulators in Ireland.
For more on PSD2 and GDPR, visit the Tracker’s News and Trends.
How SCA’s Deadline is Impacting EU Merchants’ Authentication Approaches
The scant two days before SCA’s final deadline aren’t enough time for unaware merchants to prepare their authentication measures, a fact that’s leading to no small amount of strain in the EU payments world.
Merchants have stepped onto somebody else’s payment journey, and they will stumble into a world of declined transactions and a lack of customer conversion because of it, said Paul Rodgers, chairman of payments forum Good, in a recent interview with PYMNTS. In this month’s Feature Story, Rodgers discusses why SCA is a necessary step forward for online authentication and payment innovation, despite its challenges.
To learn more about how merchants are responding to SCA, visit the Tracker’s Feature Story.
Deep Dive: Biometric Authentication in a Post-SCA World
Merchants may have many remaining questions regarding SCA, but there is clarity on one issue: A single method of knowledge-based identity verification is no longer enough to qualify as security under SCA. Therefore, merchants and their accompanying security providers need to look at new methods, including biometric forms of authentication, such as fingerprint and face recognition, to comply with the rule.
To learn more about how biometric authentication could be used in a post-SCA world, visit the Tracker’s Deep Dive.
About the Tracker
The PSD2 Tracker, powered by Ekata, is the go-to resource for monthly updates on the trends and changes regarding PSD2 and other privacy and data protection regulations.