The Clearsale Blog

How Will Europe’s New Strong Customer Authentication Rules Affect You?

How Will Europe’s New Strong Customer Authentication Rules Affect You?

Global e-commerce can be tough, particularly when merchants need to keep pace with continually evolving rules and regulations. Take, for example, Europe’s new Strong Customer Authentication (SCA) rules that were approved in March 2018 as part of the second Payment Services Directive (PSD2) and originally scheduled to take effect September 14, 2019.

These rules outline new requirements in Europe for authenticating online payments, with a straightforward goal: to reduce e-commerce fraud and increase the security of online transactions by requiring strong customer authentication for transactions of more than €30.

However, although SCA was originally intended to go into effect on September 14, 2019, the implementation will now be phased in over the next 18 months. And that’s not necessarily a good thing.

Although merchants may think they now have ample time to develop a strategy to comply with SCA, in fact, the delay may actually increase the risk for fraud.

Here’s what every merchant needs to understand about the new SCA rules.

What Are the New Strong Customer Authentication (SCA) Rules?

SCA aims to improve e-commerce security by requiring checkout processes include at least two of these authentication factors

  • Something a customer knows (like a password or a PIN)
  • Something they have (like a mobile device or a token)
  • Something they are (like a fingerprint or facial recognition)

To ensure the security of SCA, the European Banking Authority has established regulatory technical standards (RTS) that require each element of SCA to be independent of the other. This means that even if one element of an SCA transaction is compromised, the other elements will still be secure.

Additionally, each transaction authentication code is dynamically linked to both a transaction amount and payee. If either is changed, the authentication code is invalidated.

The RTS also sets minimum requirements for the interface between banks and third-party service providers to increase the security around accessing account information.

All contactless in-person card payments and customer-initiated online payments — including credit card payments and bank transfers — will be subject to SCA rules when both the business and the cardholder’s bank are located in the European Economic Area. Once SCA goes into effect, banks will begin declining payments that require SCA but don’t provide these two authentication factors.

Why Is the Implementation of SCA Being Delayed?

As the September 14 implementation date drew near, it became clear that many retailers had not yet established the necessary procedures to comply with SCA — and the European Banking Authority was concerned this would create large-scale issues with payment processing. In fact, Andrew Cregan, the payments policy advisor for the British Retail Consortium, estimated that up to 30% of e-commerce transactions made after September 14 would likely fail.

The scope of the problem was enormous: The EU stood to lose an estimated €57 billion (US $63.9 billion) in purchase volume in just the first year alone, due to noncompliance.

As a result, in August 2019, the Financial Conduct Authority announced they would delay the implementation of SCA by 18 months. The new phased implementation of SCA is expected to help minimize disruption in online transactions while also ensuring all players in the payment chain have the time and resources to implement the technical fixes needed. 

Why Fraud Prevention Is Now More Important Than Ever

While e-commerce merchants might breathe a sigh of relief at the prospect of being able to delay the SCA implementation, fraudsters are likely ready to take advantage of the delay and continue their sophisticated schemes

These fraudsters have an uncanny knack for identifying and leveraging vulnerabilities in the e-commerce payment chain, and the 18-month delay of SCA provides the perfect opportunity to step up their efforts to take advantage of known weak spots in the online checkout process.

E-commerce fraud activity is on the rise — fraud rings increased 26% between 2018 and 2019 — which means it’s never been more important for online businesses to improve their fraud prevention strategies at all stages of the customer buying journey. The SCA delay gives merchants the time needed to upgrade the checkout process and ensure they are meeting all new standards ahead of the new deadlines.

Is SCA Enough?

As merchants strive to comply with SCA, they must remember that not all fraud prevention methods are created equal.

For example, although one-time-use SMS passcodes are frequently used as an authentication method, these SMS messages are quite easily hacked by fraudsters.

Merchants must also understand that certain transactions are exempt from SCA, including direct debits, recurring payments where the first payment for the same amount and payee was authenticated through SCA, and transactions in which the payee is included in a list of trusted beneficiaries.

Just because SCA implementation has been postponed, merchants shouldn’t become complacent. Any business selling in Europe — and any business concerned about fraud and payment security overall — should proactively be looking for a fraud prevention solution capable of managing the unique risks of international sales, to pick up on even the most subtle indicators of fraud.

The experts at ClearSale do just that and more. With nearly 20 years of experience, ClearSale understands e-commerce fraud as few others can. Contact us today, and let us share our vision for e-commerce via our flexible solution that will protect your business in the ever-changing battle against fraud.

Approval rate - ebook

You may also like

ClearSale Marks Commitment to Growing Online Jewelry Industry with Events and Guide

ClearSale Marks Commitment to Growing Online Jewelry Industry with Events and Guide

Fraud protection leader provides resources to support the rapidly expanding global ecommerce jewelry market.

What Effective eCommerce Fraud Screening Looks Like Now

What Effective eCommerce Fraud Screening Looks Like Now

We’re starting 2021 in a very different place from where we started 2020 in terms of ecommerce growth and fraud prevention. The fast shift to ecommerce and away from brick-and-mortar shopping in..

The customer experience: How the pandemic changed ecommerce

The customer experience: How the pandemic changed ecommerce

The pandemic changed how customers viewed shopping and spending. But as the world moves into post-pandemic, retailers are concerned with creating a positive customer experience. Rafael Lourenco,..

How Social Media Hacks Compromise Your Fraud Protection Efforts

How Social Media Hacks Compromise Your Fraud Protection Efforts

In January 2021, a cybercrime intelligence CTO discovered a database of leaked Facebook data that had been hacked two years prior. The database contains more than 533 million verified Facebook..

Do Fraud Prevention Blacklists Cause More Problems Than They Solve?

Do Fraud Prevention Blacklists Cause More Problems Than They Solve?

Think blacklists are the best way to prevent ecommerce fraud?

If so, you’re definitely not alone. Blacklists are a popular “hands-off” way for ecommerce merchants to try to protect themselves..

An Inside Job at the Post Office (Pt.2)

An Inside Job at the Post Office (Pt.2)

In part two of our conversation, Bruno Farinelli from ClearSale gives merchants advice on how to sell in risky markets, avoid chargeback induced PR nightmares, and avoid the most common mistake he..

Customer Experience: Online vs In-store

Customer Experience: Online vs In-store

A1 Retail asked a range of industry experts how retailers can ensure that consumers are receiving the same level of personalised customer experience online as they would receive in-store.

Cross-Border Shopping Comes With Merchant Concerns

Cross-Border Shopping Comes With Merchant Concerns

THE PERILS OF FRAUD

International fraud protection leader ClearSale released an extensive analysis of its five-country study on consumer attitudes commissioned from Sapio Research titled, 2021..

An Inside Job at the Post Office (Pt.1)

An Inside Job at the Post Office (Pt.1)

What happens when the post office is in on the con? In part one of our conversation with Bruno Farinelli from ClearSale, he shares incredible stories of inside fraud jobs at the post office,..

Want to write
for our blog?

Please review our writers' guidelines
https://www2.clear.sale/press/clearsale-guest-blog-guidelines
and then email guestwriter@clear.sale with your pitch!

Subscribe to our blog