Why you should not see SCA as a threat

The payments system is no stranger to regulations, but PSD2 (Payment Services Directive 2) is given additional importance due to its impact and a new generation’s expectations. However, in this new digital era, PSD2  is the key to fighting online fraud while boosting innovation with new payment services. 

The major development of PSD2 is the introduction of new security measures like SCA (Strong Customer Authentication). 3DS2 technology is the solution specifically designed to comply with the SCA requirements and overcome the shortcomings of the original 3D Secure protocol, 3DS1. For this reason, it will also bring a wealth of benefits to both merchants and customers.

One of the main benefits of 3DS2 is authentication using biometrics, which all smartphones today offer. The future of biometric technologies is promising as customers are inclined to use them due to their simplicity and fast verification process. With fingerprints or face recognition, 3DS2 will significantly help merchants fight fraud, while customers will finally experience a more secure checkout when purchasing online. 

3DS1 was built before the smartphone revolution and was designed only to support web-browser transactions and credit card payments. For this reason, merchants were losing sales, and payment conversions decreased significantly. In contrast, 3DS2 supports most e-payment methods, including mobile, tablet, in-app, and digital wallets, thanks to software development kits (SDKs) for Android and iOS. 

Additionally, customers no longer need to enroll to authenticate themselves. 3DS2 disables the enrollment procedure where a window would pop-up redirecting the customer from the checkout page to the bank’s website. Finally, 3DS2 eliminates the disrupting and unnecessary challenges that 3DS1 created in the user experience. 

Another great advantage of 3DS2 is the chargebacks liability shift for fraudulent transactions from merchants to issuing banks. The former will not be liable in case of a cardholder’s dispute or chargeback due to fraud. This means merchants will benefit from lower costs associated with chargebacks, and no transaction funds will be taken away from their account. 

Furthermore, any regulated third-party payment service providers (TPPs) can access bank accounts under PSD2 and initiate payments on behalf of the customers. On one side, this rule will allow businesses to collect new data for greater personalization of services to enhance customer relationships. On the other side, customers will benefit from a broader range of payment options and new ways to manage their bank account. For this reason, customers’ financial data will be more strictly protected to ensure all market players respect their privacy terms. This is great news for merchants since they will gain the customers’ trust while delivering a better payment experience.

SCA will provide merchants with new insights through behavioral analytics and artificial intelligence. The latter will help identify recent trends or anomalies that would otherwise be hidden in the data. Overall, this rule offers merchants the opportunity to deliver enhanced security, which is a crucial factor in PSD2.

Finally, 3DS2 will have a risk-based authentication (RBA) that allows issuing banks to authenticate the cardholders and decide if additional security is required for an online transaction. With access to sensitive cardholder data, issuers will be better prepared to recognize illegitimate transactions. For low-risk transactions, they will have the option to authorize a 'frictionless flow' where the payment is approved without any security measures. Therefore, by applying 3DS2 only for high-risk transactions, merchants will see fewer false declines. 

According to Visa, less than 5% of the transactions will require additional verification. Providing frictionless payments is advantageous since customers can make purchases quickly and effortlessly. Therefore, if used efficiently, 3DS2 can reduce fraud, minimize cardholder friction, decrease cart abandonment rate, and finally, contribute to a better experience for all parties.

Are you SCA-Ready?

PSPs and e-commerce merchants need to comply with PSD2-SCA. Best is to migrate directly to 3DS2 as it offers a smoother customer experience than 3DS1. 

Your development team should be able to upgrade 3DS 2.0 to 3DS 2.2. In this new version, you should modify some specifications to make the SCA’s proper use for 3DS2 enrolled transactions. 3DS 2.2 allows merchants to have better chances of being eligible for SCA exemptions and thus have higher payment conversions. If done correctly with the right partner, PSD2-SCA compliance can benefit both merchants and customers. While merchants become truly digital and keep up with the speed of change, customers will engage in a redefined e-commerce experience without sacrificing security.

Overall, the Strong Customer Authentication (SCA) protocol will be a game-changer in the EU payment space. Losses can be significant if not SCA-ready, and therefore, all players in the payment space should not have underestimated the efforts to comply with the new requirements for the next fast-approaching deadline.