As Strong Customer Authentication (SCA) becomes fully implemented, the merchants, banks and third-party payment services within the European Union (EU) are still working out the particulars.
The impact of the regulation on the way payments and authentication can be conducted is being felt throughout the EU, but regulators in a variety of markets are still evaluating how SCA can best be applied. Regulators, as well as merchants, are also looking for ways to break the news to end customers, who may be less aware of SCA’s potential effects on their online purchases than their financial institutions.
In the latest PSD2 Tracker, PYMNTS looks at the ways EU merchants and payment service providers (PSPs) are adapting to SCA as it comes into full effect, as well as how third parties and FinTech firms are moving to take advantage of the expanding PSD2 payment ecosystem.
Around The PSD2 And GDPR World
SCA awareness is still one of the top problems faced by payment providers in the EU, as many merchants may still not be knowledgeable of the rule. End customers may not be aware, either, which presents a significant quandary to both PSPs and merchants, according to one recent study that found more than 76 percent of end customers were unfamiliar with SCA. This is in contrast with the 88 percent of EU merchants that believed their end customers were, in fact, aware of SCA and its impact.
Some SCA compliance questions are easier to answer than others. The European Commission recently determined that SCA will still apply to EU customers who make online purchases from U.K. websites, even in the event of a no-deal Brexit. The payments will need to comply with SCA’s verification rules for two-factor authentication (2FA), meaning EU customers must still meet two out of three criteria when making a purchase, which include authentication in the inherence, knowledge and possession categories of SCA.
SCA and its impact on security and data privacy may not be limited to the EU, as more countries — and even states — begin to implement new privacy and payment rules of their own. Merchants in California, for example, are marshalling themselves as the state prepares to launch its California Consumer Privacy Act (CCPA), due to debut in January. The act gives rights to the state’s 40 million residents that are similar to Europe’s SCA and GDPR rules, and large technology businesses are still prepping for its potential effects.
For more on the latest PSD2 and GDPR news, visit the Tracker’s News & Trends section.
Keeping Transactions Seamless As Security Needs Evolve
The authentication challenges that SCA presents to merchants and their payment partners mean that many must significantly restructure the ways they treat online payments. Customers have their own particular payment demands, however, and verification tools cannot undermine the convenience that many consumers have come to expect with online shopping, said Paul Adams, director of payment acceptance for card acquirer Barclaycard.
In the Tracker’s feature story, Adams explained how payment providers and merchants are approaching the relationship between speed and compliance under SCA.
PSPs And The SCA Customer Satisfaction Challenge
Security is not the only challenge merchants and PSPs need to meet as the regulation finally spreads throughout Europe. Consumers around the EU still expect their transactions to process at the same speed and level of seamlessness as usual, despite new authentications in place, and it’s up to the PSP to facilitate that. PSPs, therefore, need to find a way to comply with SCA that does not alienate consumers, who still may not know of the rule.
For more on how PSPs are managing the balance between compliance and customer satisfaction, visit the Tracker’s Deep Dive.
About The Tracker
The PSD2 Tracker, powered by Ekata, is the go-to resource for monthly updates on the trends and changes regarding PSD2, as well as other privacy and data protection regulations.