Online purchases 'at risk from SCA rules'
Written by Peter Walker
Retailers and payments providers have warned that a lack of preparedness for the Strong Customer Authentication rules, due to come into force across the EU in September, could risk billions of pounds worth of online purchases.
The regulations require an extra level of verification for most online payments above €30, and form part of the second Payment Services Directive (PSD2). The measures are designed to reduce fraud, but require substantial changes to processes and technology at retailers, banks and payment processors, as well as the co-operation of millions of consumers, who remain largely unaware of the imminent changes.
If shoppers do not approve a transaction, by entering a text message code from their bank or scanning their fingerprint on their mobile, they may not be allowed to complete a purchase.
The Financial Times reported that Stripe chief executive Patrick Collison said the state of industry readiness is “poor” and “for those who aren’t prepared it is going to have a huge negative effect on conversion rates”.
In response, the industry is lobbying for a grace period to ensure readiness.
The European Payment Institutions Federation held a workshop last month in Brussels to discuss SCA, with the likes of Amazon, Apple, Stripe, Visa and Worldpay present, along with European Commission officials.
“The initial set of ideas had a really noble goal, which was to eliminate the cost of cardholder fraud, but the early drafts would have had impacts I could best describe as catastrophic or business-ending or interrupting for many customers,” stated Shane Happach, executive vice-president and head of enterprise e-commerce at Worldpay. “It’s still a very big deal, as there’s no single priority across all the e-commerce players that is more relevant.”
Concerns were raised that not enough people have installed their bank’s app or provided mobile phone numbers to facilitate authentication, or that the new techniques have not yet been tested at scale. The result could be large-scale abandonment of transactions at the checkout, with smaller retailers seen as particularly vulnerable.
Richard Mathias, hybris practice lead for EMEA at LiveArea, commented: “There is no question, PSD2 and Strong Customer Authentication will fundamentally affect every e-commerce provider – it represents one of the largest challenges that online retailers will have ever faced.
“The shift will force retailers to revolutionise checkout, and this level of upheaval can cause instability,” he continued, adding: “Ultimately the brands that ensure customers have a friction-free experience, while also benefitting from the anti-fraud measure promised in PSD2, will be the most successful.”
Rene Hendrikse, EMEA managing director of Mitek, said: “Within the next few months, investing in the right technologies and implementing them quickly and efficiently should be top of the agenda for retailers and e-commerce groups. If not, they will find themselves in serious trouble.”
Last year, Mastercard warned that the SCA rules will lead to a significant increase in the use of biometric technology to authenticate who is paying online.
Visa previously argued that the rules threaten to seriously disrupt online shopping and cause inconvenience for UK consumers.