The Clearsale Blog

Can Strong Customer Authentication (SCA) Hurt Your Online Store?

Can Strong Customer Authentication (SCA) Hurt Your Online Store?

With an eye toward improving the security of online sales, the European Union is implementing new rules for Strong Customer Authentication (SCA) on Dec. 31, 2020.

These rules, designed to help authenticate online payments and reduce fraud will require merchants to include at least two of the following authentication factors in their checkout processes:

  • Something a customer knows (like a password or a PIN)
  • Something they have (like a mobile device or a token)
  • Something they are (like a fingerprint or facial recognition)

However, SCA may not be the end-all, be-all merchants and consumers are hoping for. Here are five ways SCA can end up hurting your online store.

1. The “Knowledge” Factor Is Easily Hackable

Asking a challenge question as a factor of SCA may seem easy enough, but security experts warn this “knowledge” component is typically the most easily compromised. Social media and the internet make it easy to gain information about relative strangers, thanks to consumers’ tendencies to complete online questionnaires and upload photos that divulge personally identifiable information.

All a cybercriminal needs is a little bit of patience and research to quickly crack passwords, PINs and even challenge questions.

2. Biometric Data Is Vulnerable to Fraudsters

While biometrics might seem like a foolproof way to confirm identity — after all, we can’t change our fingerprints or retina the same way we can change our passwords and answers to challenge questions. But that doesn’t mean hackers aren’t creating ways to fool biometric scanners.

In 2015, data thieves stole more than 5 million U.S. federal employees’ fingerprints and other personal data. And a biometric database in India containing 1 billion citizens’ data was hacked, with data sold on social media for as little as $10. And because a biometric is so uniquely identifiable, once it’s compromised, its security can never be reclaimed.

3. Implementing SCA Can Be Complex and Expensive

In May 2019, only 1% of businesses surveyed felt they were prepared for SCA. There’s a good reason: implementation is complex, and full compliance requires a range of product, legal, finance and operations support to ensure changes are implemented properly.

Adding SCA to online stores is turning out to be so complex that 71% of businesses feel implementation will be a significant burden on resources. Many just don’t have the manpower — or the payroll — to devote to implementing seamless solutions that won’t frustrate customers.

4. SCA Adds Friction to the Checkout Process

Not every mobile browser supports the technology required for SCA, and small mobile screens can make it hard to enter complex passwords or complete verification pages. So it’s no surprise that 26% of businesses surveyed haven’t upgraded their authentication processes, because they’re worried about the potential negative impacts to the customer experience.

It’s a valid concern. Approximately 40% of cart abandonments in the U.S. are the result of long or complicated checkout procedures. 3D Secure authentication provides a perfect example; when it was introduced, the friction it added to the checkout process caused merchants to lose up to 22% of transactions.

Moreover, customer perception is a problem, too. When online shoppers are presented with SCA requirements for the first time, they may fear they’re being scammed. For example, redirects to Verified by Visa pages may look like a phishing attack rather a security measure implemented by the merchant.

It’s ironic that security experts have spent the last several years warning customers not to enter sensitive personal data on any web page they’re not familiar with, and now merchants are asking their customers to do just that.

5. Cart Abandonment Is Increasing

Any time friction is added to the checkout process, cart abandonment increases. So when SCA prompts customers to answer personal questions — “Where did you go to high school?” “What was the name of your first pet?” — customers are more likely to abandon their purchase and find another retailer with an easier checkout process.

Or consider what happens when an SCA element requires a customer to retrieve a six-digit PIN sent via text, but the customer doesn’t have their cell phone handy. Or when the customer is logged into a spouse’s account, and the account is tied to the spouse’s phone number. Circumstances like these can result in lost sales, frustrated customers and negative online reviews.

While the perfect solution might not exist to prevent fraudsters from compromising your business and your customers’ accounts, that doesn’t mean it isn’t worth exploring all the available options — especially as regulations like SCA are adopted by markets worldwide.

One way to protect your company’s revenue and reputation is to make sure you have the right fraud prevention solution for your business. Our multilayered approach combines proprietary AI technology with expert manual review. And because we serve companies worldwide, we stay up-to-date on the latest rules and regulations, including SCA, to make sure you’re protected. If you want to learn more about how our unique approach to fraud prevention can protect your business in an ever-changing market, contact us.

Nova call-to-action

 

You may also like

[Industry Focus] Fraud Risk Profile for Nutraceutical and Drug Retailers

[Industry Focus] Fraud Risk Profile for Nutraceutical and Drug Retailers

As people become more conscious of what they’re putting into their bodies, there’s been an increased demand for high-quality supplements and healthful food and beverages. The result has been a..

3 Ways Tech Can Benefit Remote Teams

3 Ways Tech Can Benefit Remote Teams

Ecommerce businesses are used to an ever-evolving digital connection between them and their customers. But 2020’s COVID-19 pandemic has resulted in that digital connection making its way into the..

Shopping Habits by Gender: What’s Changed in 2020

Shopping Habits by Gender: What’s Changed in 2020

Do men hate shopping online? Are women more worried about fraud?

How Management Should Contribute to Fraud Protection

How Management Should Contribute to Fraud Protection

As companies grow, management often delegates business-critical tasks—marketing, technology, fraud prevention—to different departments. While it might seem to be an efficient way to get things..

“I Don’t Need Fraud Protection — My Business Isn’t at Risk!”

“I Don’t Need Fraud Protection — My Business Isn’t at Risk!”

As an e-commerce merchant, you know the risk of fraud, false declines and chargebacks. But maybe you think it won’t happen to you because you’re a relatively new — or small — e-commerce merchant,..

How to Know It’s Time to Create a Mobile App for Your Online Store

How to Know It’s Time to Create a Mobile App for Your Online Store

We rely on our mobile devices for everything—our banking, our gaming, our arguments with that really boisterous neighbor. Naturally, we use our mobile devices for shopping as well.

Are Virtual Events the Future of Retail Experiential Marketing?

Are Virtual Events the Future of Retail Experiential Marketing?

Over the years, retail brands—including those in e-commerce—have turned to immersive experiences as a way to engage customers, build a community, and strengthen their brand experience. Whether..

How Backtesting Can Improve Fraud Prevention

How Backtesting Can Improve Fraud Prevention

They say hindsight is 20/20, and that’s especially true for e-commerce merchants looking to increase their approval rates and decrease fraudulent transactions. It’s easy to look back at..

Is Fraud Risk Scaring You Away From International Shipping?

Is Fraud Risk Scaring You Away From International Shipping?

With cross-border shopping estimated to make up 20% of e-commerce in 2022, many merchants are right to consider expanding into other countries. So what’s stopping them from pulling the trigger?

Want to write
for our blog?

Please review our writers' guidelines
https://www2.clear.sale/press/clearsale-guest-blog-guidelines
and then email guestwriter@clear.sale with your pitch!

Subscribe to our blog