Most consumers have come to expect a one-stop, one-click shopping experience, and merchants want to deliver. eCommerce innovations have been focused on removing frictions for years, and many checkout processes have been streamlined to the point where customer frustrations are minimal.
Creating such an experience is easier said than done, however, especially with rising levels of fraud and new security concerns. PSD2 and GDPR have changed how European merchants handle data, but there is another new standard on the horizon that they will have to comply with: strong customer authentication (SCA).
SCA requires merchants to use two-factor authentication (2FA) and other tools to identify online consumers, adding another step to the shopping experience. The standard will be implemented in September, but 25 percent of European merchants are still unaware of the rule. An additional 24 percent have no plans to implement SCA at all before the deadline.
Compliance with SCA is costly, too, and could represent a notable investment — especially for smaller players. It’s difficult to estimate the potential cost of noncompliance, but those that don’t comply with PSD2 and GDPR are facing significant fines.
The costs are proving to be a barrier for many merchants, but those that understand compliance is necessary if they are to continue operating are partnering with players that can meet their compliance needs. Cas Paton, founder of U.K.-based eCommerce marketplace OnBuy, said this allows them to remain competitive without introducing costly innovations.
“The new [SCA] legislation highlights the importance of working with the right payment solutions that invest in [user experience] and ECR optimization,” Paton said in a recent interview with PYMNTS. “Customers will need to complete extra information to [make a] purchase, but it’s made clear that this additional requirement ultimately protects them.”
SCA, Payment Providers and Compliance
PSD2’s open banking requirements create more opportunities for third-party providers, but it is also opening up new doorways for fraudsters. This is exactly why SCA is necessary in this region. OnBuy, which allows customers to buy goods from individual sellers, partnered with PayPal to circumvent the costly challenges that come with compliance, Paton said.
The PayPal for Marketplace solution allows OnBuy to integrate SCA and PSD2 compliance measures into its platform, he explained. PayPal for Marketplace, which is used by approximately 17 million merchants, was launched in 2017 and aids marketplaces with online payments and new security developments.
“Since we’re already meeting the SCA standard, customers are familiar with the 3D Secure process on OnBuy,” Paton said, adding that there won’t be any major changes to the OnBuy marketplace once SCA is in place.
Authentication is becoming a critical component of shopping online, and establishing consumer trust and security will be key. Regulations like GDPR, which give customers a greater say over how their data is used, could wind up changing the relationships between the customer, the payment provider and marketplaces like OnBuy.
“GDPR, to us, is less about rules and more about a standard of how businesses should handle, store and be accountable for customers’ information,” Paton said. Such regulations ensure that “customers are protected while sellers have the control that they need to handle their orders and communicate with [buyers].”
The ways that companies and marketplaces approach security, authentication and customer data is evolving, and partnerships are just one way that the industry is balancing the needs of both merchants and customers.