Opportunities come in various forms and disguises, and that could be the case for payments and commerce operators when it comes to the European Union’s revised Payment Services Directive (PSD2) and its strong customer authentication (SCA) rules.
Those rules stand as among the most critical emerging regulations in payments and commerce, and over the long term, there would seem to be little mercy for those businesses that fail to comply and fail to find a way to make those regulations work to their advantage. However, authorities recently announced an 18-month delay in the implementation of SCA, which was scheduled to go into effect on Sept. 14. In a new PYMNTS interview, Duncan Barrigan, vice president of product at GoCardless, discussed why that is an opportunity for merchants of all types — especially those in the hot payments and commerce area of subscriptions.
Lack Of Readiness
“There is always a lack of readiness when it comes to wide-ranging industry changes [such as SCA],” he told PYMNTS. He used the General Data Protection Regulation (GDPR) — the recently implemented privacy-boosting rule from European regulators — as an example of that point. “But [SCA] is more problematic than that,” he said.
After all, the strong customer authentication rules involve banks and payments processing and the prospect of significantly increased friction or even the cutoff of transactions should SCA compliance fail. Those who didn't comply with GDPR may not feel immediate consequences on day one — whereas with SCA the impact on the first day is obvious: Their transactions will be declined immediately.
A little review is in order.
SCA stands as one of the most comprehensive global efforts to bring more security to online payments and eCommerce — while also, at least ideally, reducing the friction that can alienate consumers from merchants, financial institutions and payment services providers. SCA mandates that some 300 million consumers will need to confirm their identities for most of their online purchases using two of the following: who they are (e.g., a fingerprint), what they have (e.g., a phone) and what they know (e.g., a password).
The Financial Conduct Authority (FCA) recently agreed to a phased implementation of the SCA rules. The phased implementation will span an 18-month period, and “reflects the recent opinion of the European Banking Authority (EBA), which set out that more time was needed to implement SCA given the complexity of the requirements, a lack of preparedness and the potential for a significant impact on consumers,” the FCA said in a press release.
That delay is not a break, however — something that Barrigan made sure to emphasize. “It’s an opportunity to step back and review your payments strategy,” Barrigan told PYMNTS. “Obviously, that strategy is different for each payments provider and merchant. You want to ensure that you are not going to be the one with the most friction.”
Kick The Can
Those operations that use the 18-month delay otherwise, he said, will likely come to regret it. “They have to make sure this doesn’t become a kick-the-can-down-the-road situation,” he said. “It’s important to think of this as reason to refresh your payments strategy. If you keep kicking the can down the road, you won’t have that can in your hand.”
Some operations no doubt will fail to fully take advantage of that opportunity offered by the SCA implementation delay, or will not put in place the best practices. That’s how things go. However, those companies that do an active job over the next 18 months or so could benefit, perhaps, from picking up business from competitors that end up introducing more friction into their transaction processes. “If there is more friction everywhere, do people buy less or not?” Barrigan asked. “No one will one know until that happens.”
However, for now, the burden is to do the work — the refreshed, revised or perhaps even new payments strategy — that will not only conform to SCA rules but ensure the least friction possible for consumers.