The Clearsale Blog

How Will Europe’s New Strong Customer Authentication Rules Affect You?

How Will Europe’s New Strong Customer Authentication Rules Affect You?

Global e-commerce can be tough, particularly when merchants need to keep pace with continually evolving rules and regulations. Take, for example, Europe’s new Strong Customer Authentication (SCA) rules that were approved in March 2018 as part of the second Payment Services Directive (PSD2) and originally scheduled to take effect September 14, 2019.

These rules outline new requirements in Europe for authenticating online payments, with a straightforward goal: to reduce e-commerce fraud and increase the security of online transactions by requiring strong customer authentication for transactions of more than €30.

However, although SCA was originally intended to go into effect on September 14, 2019, the implementation will now be phased in over the next 18 months. And that’s not necessarily a good thing.

Although merchants may think they now have ample time to develop a strategy to comply with SCA, in fact, the delay may actually increase the risk for fraud.

Here’s what every merchant needs to understand about the new SCA rules.

What Are the New Strong Customer Authentication (SCA) Rules?

SCA aims to improve e-commerce security by requiring checkout processes include at least two of these authentication factors

  • Something a customer knows (like a password or a PIN)
  • Something they have (like a mobile device or a token)
  • Something they are (like a fingerprint or facial recognition)

To ensure the security of SCA, the European Banking Authority has established regulatory technical standards (RTS) that require each element of SCA to be independent of the other. This means that even if one element of an SCA transaction is compromised, the other elements will still be secure.

Additionally, each transaction authentication code is dynamically linked to both a transaction amount and payee. If either is changed, the authentication code is invalidated.

The RTS also sets minimum requirements for the interface between banks and third-party service providers to increase the security around accessing account information.

All contactless in-person card payments and customer-initiated online payments — including credit card payments and bank transfers — will be subject to SCA rules when both the business and the cardholder’s bank are located in the European Economic Area. Once SCA goes into effect, banks will begin declining payments that require SCA but don’t provide these two authentication factors.

Why Is the Implementation of SCA Being Delayed?

As the September 14 implementation date drew near, it became clear that many retailers had not yet established the necessary procedures to comply with SCA — and the European Banking Authority was concerned this would create large-scale issues with payment processing. In fact, Andrew Cregan, the payments policy advisor for the British Retail Consortium, estimated that up to 30% of e-commerce transactions made after September 14 would likely fail.

The scope of the problem was enormous: The EU stood to lose an estimated €57 billion (US $63.9 billion) in purchase volume in just the first year alone, due to noncompliance.

As a result, in August 2019, the Financial Conduct Authority announced they would delay the implementation of SCA by 18 months. The new phased implementation of SCA is expected to help minimize disruption in online transactions while also ensuring all players in the payment chain have the time and resources to implement the technical fixes needed. 

Why Fraud Prevention Is Now More Important Than Ever

While e-commerce merchants might breathe a sigh of relief at the prospect of being able to delay the SCA implementation, fraudsters are likely ready to take advantage of the delay and continue their sophisticated schemes

These fraudsters have an uncanny knack for identifying and leveraging vulnerabilities in the e-commerce payment chain, and the 18-month delay of SCA provides the perfect opportunity to step up their efforts to take advantage of known weak spots in the online checkout process.

E-commerce fraud activity is on the rise — fraud rings increased 26% between 2018 and 2019 — which means it’s never been more important for online businesses to improve their fraud prevention strategies at all stages of the customer buying journey. The SCA delay gives merchants the time needed to upgrade the checkout process and ensure they are meeting all new standards ahead of the new deadlines.

Is SCA Enough?

As merchants strive to comply with SCA, they must remember that not all fraud prevention methods are created equal.

For example, although one-time-use SMS passcodes are frequently used as an authentication method, these SMS messages are quite easily hacked by fraudsters.

Merchants must also understand that certain transactions are exempt from SCA, including direct debits, recurring payments where the first payment for the same amount and payee was authenticated through SCA, and transactions in which the payee is included in a list of trusted beneficiaries.

Just because SCA implementation has been postponed, merchants shouldn’t become complacent. Any business selling in Europe — and any business concerned about fraud and payment security overall — should proactively be looking for a fraud prevention solution capable of managing the unique risks of international sales, to pick up on even the most subtle indicators of fraud.

The experts at ClearSale do just that and more. With nearly 20 years of experience, ClearSale understands e-commerce fraud as few others can. Contact us today, and let us share our vision for e-commerce via our flexible solution that will protect your business in the ever-changing battle against fraud.

is every valid order being approved?

You may also like

[Industry Focus] Fraud Risk Profile for Nutraceutical and Drug Retailers

[Industry Focus] Fraud Risk Profile for Nutraceutical and Drug Retailers

As people become more conscious of what they’re putting into their bodies, there’s been an increased demand for high-quality supplements and healthful food and beverages. The result has been a..

3 Ways Tech Can Benefit Remote Teams

3 Ways Tech Can Benefit Remote Teams

Ecommerce businesses are used to an ever-evolving digital connection between them and their customers. But 2020’s COVID-19 pandemic has resulted in that digital connection making its way into the..

Shopping Habits by Gender: What’s Changed in 2020

Shopping Habits by Gender: What’s Changed in 2020

Do men hate shopping online? Are women more worried about fraud?

How Management Should Contribute to Fraud Protection

How Management Should Contribute to Fraud Protection

As companies grow, management often delegates business-critical tasks—marketing, technology, fraud prevention—to different departments. While it might seem to be an efficient way to get things..

“I Don’t Need Fraud Protection — My Business Isn’t at Risk!”

“I Don’t Need Fraud Protection — My Business Isn’t at Risk!”

As an e-commerce merchant, you know the risk of fraud, false declines and chargebacks. But maybe you think it won’t happen to you because you’re a relatively new — or small — e-commerce merchant,..

How Backtesting Can Improve Fraud Prevention

How Backtesting Can Improve Fraud Prevention

They say hindsight is 20/20, and that’s especially true for e-commerce merchants looking to increase their approval rates and decrease fraudulent transactions. It’s easy to look back at..

Is Fraud Risk Scaring You Away From International Shipping?

Is Fraud Risk Scaring You Away From International Shipping?

With cross-border shopping estimated to make up 20% of e-commerce in 2022, many merchants are right to consider expanding into other countries. So what’s stopping them from pulling the trigger?

Preparing Your E-Commerce Store for the Holiday Season

Preparing Your E-Commerce Store for the Holiday Season

It might still be summer on the calendar, but the holiday shopping season is just around the corner.  Are you ready?

Impact Analysis: Declined Transactions vs. Fraudulent Transactions

Impact Analysis: Declined Transactions vs. Fraudulent Transactions

Selling products and services online offers great opportunities for merchants, but it’s not without risk. Savvy cybercriminals use stolen personal data to defraud merchants, and sometimes, a..

Want to write
for our blog?

Please review our writers' guidelines
https://www2.clear.sale/press/clearsale-guest-blog-guidelines
and then email guestwriter@clear.sale with your pitch!

Subscribe to our blog