Getting a grip on PSD2: Why it pays for businesses to be on top of SCA in 2021

Last year was an extraordinary year for e-commerce, with UK online sales an astonishing 50% higher in August compared with February, according to ONS statistics. However, the boom for online commerce was not without its challenges as merchants sought to manage greater supply chain pressures and the need to upscale deliveries.

In addition to this increasingly demanding environment, there are more significant changes on the horizon this year, namely the ongoing rollout of Strong Customer Authentication (SCA) - a new, central element of Europe’s revised Payment Services Directive (PSD2) legislation. In practical terms, SCA brings additional security authentications for certain e-commerce transactions, a process designed to add an extra layer of fraud protection when cardholders make an online payment.

SCA officially came into law across the EEA and UK in September 2019, but it’s only from 1st January 2021 that many national regulators across the region are actively enforcing the regulation.

However, despite the legislation having already come into force for many, some online retailers are yet to begin taking the necessary steps to integrate SCA. If they don’t act soon, they risk payment providers declining transactions, which could ultimately lead to a loss of revenue and cause unnecessary friction, potentially driving customers away. And, while in the UK, the Financial Conduct Authority has confirmed a revised enforcement date of 14 September 2021, other countries’ regulators are requiring the industry to ramp up SCA now. It therefore is imperative for businesses to take immediate action to be ready for the implementation of the SCA requirements.

The challenge for online merchants is to strike the right balance between authentication and seamlessness. This is not simple given the growth of new e-commerce customers has also led to a corresponding rise in payments fraud -  over £16 million lost to online shopping fraud during the first lockdown in the UK, according to Action Fraud. As such, implementing the technology to allow for SCA has never been more important.

However, there are clear steps online merchants can take to implement an SCA solution to enable them to continue to offer a secure and seamless checkout experience for their customers.

Creating a seamless experience using industry standards  

EMV® 3-D Secure (3DS) has been created as the global industry standard, enabling businesses to undertake SCA integration for all major networks saving time and resources – both of which are a priority for many businesses in the current climate.

With online transactions representing an increasingly large part of many businesses’ operations, it’s vital that businesses take advantage of this new, standardised technology to help minimise the disruption to the checkout process without compromising customer security.

Data is king

When it comes to streamlining the transaction process, businesses can start by incorporating and maximising data insights. As part of this, businesses should look to adopt technology that doesn’t require any additional input from the consumer. 3DS does just that – by providing data insights on the purchasing journey, issuers are able to model risk and, where PSD2 exempt, minimise levels of challenge rates - ensuring a smooth purchasing journey and, in turn, reducing basket abandonment.

Tried and trusted

Whilst maintaining fraud protection for consumers and businesses alike, cardholders can select merchants as ‘trusted’ and be exempted from the requirements of SCA, to further support a seamless customer experience.

As online merchants grapple with ongoing uncertainty, every single purchase counts. That’s why at American Express we recently launched SafeKey 2.2, a security solution that leverages the global 3DS industry standard.

With just a few months until the UK regulations come into play, online marchants should waste no time in implementing technology to ensure they are SCA-compliant, without compromising consumer experience.

To find out more about how SafeKey will help protect your business and support a smooth online checkout experience, visit our website. We have recently simplified the businesses set up process; businesses no longer have to enroll directly with American Express and can start using SafeKey as soon as they have completed technical set up with a certified 3DS Server (MPI) Provider.  For a list of certified 3DS Servers, please click here.