European Union regulators are eager to pop the top on new regulations to solve the region’s fraud woes. But many merchants still aren’t convinced, says Richard Ellison, founder of boutique wine company Wanderlust Wine. In the latest Merchants Guide To Navigating Global Payment Regulations, Ellison discusses why merchants need more convincing on SCA’s effectiveness.
Merchants in multiple markets, including the EU and the U.S., have seen an uptick in digital transactions during the COVID-19 pandemic – but it may not be enough to offset the overall dip in consumer spending. Businesses seeking to thrive amid ongoing uncertainties, therefore, need speedy and convenient ways to both process digital transactions and determine whether customers are legitimate.
Regulators worldwide have been attempting to generate the right balance between speed and cybersecurity with new rules, strong customer authentication (SCA) being the most well-established example to come into play over the next two years. SCA mandates that most digital transactions authenticate consumers using two-factor authentication (2FA), which may not offer the speed that consumers and merchants want, according to Richard Ellison, founder of U.K.-based online boutique wine marketplace Wanderlust Wine.
“Security is still obviously very key for [consumers], because there are more and more fraudster attempts every month,” Ellison said in a recent interview with PYMNTS. “But I think when it comes specifically to 2FA, implementing it on everything starts to become a bit of a pain. … [If consumers’] phones are dead, then [they] cannot check out, [as a] good example. And for nonessential services, I feel that as a consumer, you should be given the option of whether you want to do 2FA or not, rather than it being imposed on you.”
Online security remains a top priority for merchants and their payment partners, but they need to determine how consumer attitudes toward it may have changed since the pandemic’s onset. This could inform not only how consumers want to interact with online merchants, but how the laws that govern — and authenticate — those transactions could be shaped in the future.
SCA and the Identity Regulation Question
Online retailers must make sure they are accurately identifying consumers to kick out any lurking fraudsters, but they must also do so in a manner that is convenient for legitimate customers, enabling quick transactions and granting the ability to generate future loyalty. SCA was one attempt to create new authentication standards for how transactions can be approved online or with emerging technologies such as contactless payments. Merchants had pressing questions over the application of this rule prior to the pandemic, and these concerns have not abated as consumers’ payment and shopping behaviors have continued to shift.
One report found that COVID-19-related fraud attacks in the U.K. have collectively cost merchants £16.6 million ($21.7 million USD) since the start of June, for example. Bad actors attempt to take advantage of the current chaotic digital retail environment, Ellison explained, by slipping smaller illegitimate transactions by overwhelmed merchants.
“We have seen [an] increase in fraud in this time — petty fraud,” he said. “Not ‘I am spending £10,000 and it went through somehow,’… but more so of people knowing how to trick the systems and disputing card payments, things like that, and then us having to take [them] to court.”
The U.K. Financial Conduct Authority (FCA) has responded to the impact of COVID-19 by extending the compliance deadline to Sept. 14, 2021, possibly in part because the benefits of 2FA have yet to win consumers over. Wanderlust Wine works with a third party to support payment acceptance and relies on it to authenticate transactions, Ellison said. Its payment process is not yet SCA-compliant, however.
“[SCA] does not really come into full effect for a while, so we have not had to integrate that yet, because our technology would not allow us to,” he said. “We have to do a bit of tech work before we can implement that … and, actually, I think a lot of people get fed up with 2FA. I’m not sure how 2FA is going to stop fraud for those who know how to get around the problem.”
Determining the efficacy of SCA is a critical point for regulators and the payment providers tasked with supporting it. This is especially the case now that the pandemic has accelerated the shift to digital shopping and payments, boosting the number of fraudsters paying close attention to these channels.
Increased Online Shopping, Increased Fraud
The COVID-19 pandemic drove many consumers to online retail out of necessity. Wanderlust saw a massive bump in sales in late March and April, Ellison said, with the company’s earnings up about 200 percent year over year. One study showed that 40 percent of consumers have significantly ramped up their digital purchasing since the start of the outbreak. Whether that is for necessities, such as food or medicine, or entertainment and luxury items, such as games and wine, it is important for merchants to determine just how many of these changes will stick.
“The biggest [consumer] mindset change is really about uncertainty,” Ellison said. “Home delivery services — food, alcohol, whatever it might be — is a stock-standard way that people [are] keeping engaged with things they enjoy, and that has become a lot more relevant. So for us, and other home delivery companies, that [mindset change] has become key.”
Though the pandemic has created significant change in the retail space, merchants’ top priority remains the same: satisfying customers. That means online retailers, much like consumers themselves, want authentication factors for these purchases that are swift as well as seamless. It is crucial for regulators to ensure that their proposed standards — whether SCA or other rules — hit that mark.