As merchants race to comply with costly and complex strong customer authentication (SCA) mandates, Adam Zamecki, director of sales at online payment platform SecurionPay, makes the case for machine over man in the race to comply.
The European Union’s Payments Service Directive 2 (PSD2) and its SCA mandate have been game changers for merchants across Europe, requiring them to meet high authentication standards to increase customer security. SCA seems fairly simple in concept, requiring two out of three distinct multi-factor authentication (MFA) methods such as biometrics, passwords or smartphone-based codes, but its implementation has been anything but simple.
Many merchants are struggling with acquiring technologies to meet the SCA requirement, and some are confused about which transactions are affected or whether they are required to comply. Both issues have resulted in slow SCA merchant adoption, according to Adam Zamecki, director of sales for the online payment platform SecurionPay.
“We’ve noticed that there were common misunderstandings, usually around exemptions to SCA,” said Zamecki. “Often, we were asked if merchant-initiated transactions required SCA. What is the value of a transaction that is exempt from SCA? Is [authentication] mandatory for recurring transactions? A lot of merchants had questions about the potential decrease [in] conversion rates. ‘How will it affect my turnover?’”
Zamecki and SecurionPay sales manager Michael Kalwasinski recently offered PYMNTS an inside look at the challenges merchants face in implementing SCA while detailing how companies can work to make authentication as seamless as possible.
SCA Implementation Challenges
One of the main issues behind the miscommunication and adoption hurdles plaguing SCA involves the banks that issue customers’ payment cards. Many of these financial institutions (FIs) have dragged their feet in preparing for and implementing SCA, causing merchants to be unprepared for the SCA deadline as well.
“By analyzing the market, you could say that in the past months, the issuing banks were an obstacle, and not the FinTechs or the merchants,” Kalwasinski said. “Institutions such as SecurionPay [have been] ready to implement SCA for some time now, [but] the adoption process with some of the local banks in some of the countries was much slower. This led to losses for merchants, who were afraid to use new authentication methods, as some of the banks were not ready for it.”
Another obstacle to smooth SCA implementation has been merchants’ concerns regarding excessive customer friction, as the legislation has forced many to add security steps to their transactions. They have worried that this added friction could cost sales.
“Merchants are concerned that another layer of security adds complexity to the customer experience, as it forces a cardholder to provide additional information to complete payment,” Zamecki said. “The new regulations are for customers, not only for banks and businesses. They also need time to learn new habits and, even more importantly, trust new services.”
Governments have already pushed the SCA deadline several times to give merchants more chances to implement new authentication systems, but time is beginning to run out. SecurionPay and other payments providers are acting to make payments authentication as seamless as possible, however.
Meeting Merchants’ New Authentication Requirements
SecurionPay is automating as much as possible to create a minimal amount of guesswork and eliminate redundant authentication checks. The provider aims for customers to provide the required authentication and make sure merchants know what to ask for.
“[Our system] automatically recognizes the transaction requests and detects if it is an initial or a recurring transaction,” Kalwasinski said. “Other systems often require that the merchant sends the transaction requests with exemptions, making the process more complicated.”
Such automation has helped merchants authenticate more transactions than they did even before SCA’s implementation, Zamecki said. The technology accelerates payments and makes them more secure, which was largely regulators’ intent when signing SCA into law.
“A lot of our merchants have seen an increase of approval rates after they’ve implemented SCA,” Zamecki said. “Some of the transactions [used to be] rejected by the issuing bank, due to the potential risk of chargebacks. With SCA, this risk is reduced, and issuers are more inclined to accept the transactions.”
SCA’s slow rollout has come with its share of obstacles, and merchants have understandably needed a bit of help to figure out and fulfill regulatory requirements. Those still scrambling to achieve compliance would do well to consider automated solutions.