PSD2 and SCA: Got questions? We have answers
With the issuance of Strong Customer Authentication (SCA) guidelines under PSD2, NuData staff are often approached with questions about the impact of these regulations on the market as a whole.
As a leader in this space, we want to make sure our customers have answers to some of the top questions we have received. This is what our experts responded:
Is the market ready to implement Strong Customer Authentication (SCA)?
The market readiness is closely tied to the needs in the landscape – what customers demand in terms of security – and the technologies available to comply with those regulations. Based on those two aspects, now is the perfect time to start implementing SCA to not only have a mature payment authentication tool by the time the requirement takes place, but also to demonstrate end users that their security is paramount to the company’s business.
Rules on strong customer authentication aim to reduce fraud in electronic payments and will be most effective if combined with a best-in-class consumer experience. As every device becomes a payment device, we see a world of opportunity to deliver new and improved services that not only meet the core requirements of ease and convenience, but also adhere to new, improved standards for security and consumer protection.
The imperative for all those who operate in this space is ensuring that, as technology evolves and behaviors change, the way we pay is centered on the individual: frictionless, convenient and secure. This shift will be a process all companies, big and small will have to start working towards for the benefit of consumers.
Yes, companies are still waiting for big players in the space to take action and deploy SCA-compliant solutions, like EMV 3-D Secure 2.0, to see how they facilitate SCA to their customers. And, the good news is that major brands are starting to use the new 3-D Secure protocol, which allows companies to comply with SCA requirements.
Are we going to notice a drop-off in customers/sales if we implement a solution for SCA?
Not if you deploy thoughtful and low-friction solutions, and work to educate their customers as to how and why they intend to protect them. As with any innovation, building trust between all participants is key. It is paramount that the consumer experience remains (or becomes) as seamless as possible. Without trust, consumers and businesses will reject new solutions. But if robust safety and security solutions lead to clunky user experience, they will reject them just the same.
Education is a big part of this transition. As users, we like to understand what is happening, why we are suddenly being asked to authenticate ourselves with a fingerprint scan when before we didn’t need to, for example. Most uncertainty and frustration comes from a lack of communication and transparency.
Similarly, companies can choose PSD2-compliant vendors for security reasons alone, but can also implement the tools that are careful about the user experience and reduce friction as much as possible. Passive biometrics, for instance, provides insights for the inherence portion without asking the user to execute additional actions.
Combining education with choosing the most convenient and compliant tools will help reduce the risk of cart abandonment.
What can we do to ensure our customers do not look to other international providers to avoid SCA?
Make sure that your toolkit of SCA-compliant solutions enables the consumer to complete transactions successfully, with the minimum friction required.
At the same time, consumers are becoming more aware of online fraud and the need for security. In Europe, 3DS (1) has a high penetration rate, more so than in the U.S. This means that the expectation for authentication for payments is more widespread than in the U.S. That’s a point in favor, but continuing to educate users is paramount: merchants need to assert their value not only as a brand that provides wanted goods but also as a brand that takes their user’s security seriously. This is a value that end users are starting to look for during online interactions.
What do we need to do to ensure our systems are ready for SCA?
Companies need to have access to the appropriate tools to meet the SCA standard. At the same time, to benefit from the SCA exemptions, companies need tools that can navigate the regulatory requirements while reducing consumer friction and inconvenience (for example, make sure that a transaction under 30€ doesn’t go through a step-up and can be approved seamlessly).
There are solutions in the market today that provide user verification based on user behavior and passive biometrics (inherence) and device identification (possession), that can be integrated with rules and policies to transparently and automatically comply with SCA requirements.
NuData’s 3D-Secure solution, Smart Interface, teamed up with our NuDetect suite of solutions, to offer such capabilities.
How can we minimize the impact on payment acceptance following SCA?
The introduction of SCA-compliant solutions in the marketplace should reduce the volume of fraudulent transaction attempts, leading to less risk in the transaction and payments ecosystem as a whole. NuData’s experience with Smart Interface has shown that false declines are reduced when more data is available to all transaction participants, from the merchants through to the issuers. Having deeper view and understanding of the behaviors of a given user leads to better decisions about transaction risk.
The key question here is not how to minimize a decline in payments but how to minimize fraud while processing legitimate transactions, which is what this regulation will help merchants do with more confidence.
It is important for merchants to understand that, at the end of the day, implementing a solution for Strong Customer Authentication is not a mandate to cause additional friction. The Payment Services Directive is looking out for merchants and their customers; SCA is driving higher security for online activities to make customers more confident when transacting online. NuData is staying up to date on the mandates and working on solutions that not only help our merchants keep their customer’s data secure, but also drive a better buyer experience and reduce cart abandonment.
Still have more questions? You can email them to us at email@example.com to get a copy of our complimentary Aite report that talks about PSD2.