Earlier studies found a surprising lack of both consumer and merchant awareness about the European Union's Strong Customer Authentication (SCA) and second Payment Services Directive (PSD2) regulations. Post-SCA deadline, a lack of readiness persists. SCA awareness is thankfully high among the payment providers tasked with executing and communicating the mandates to businesses and consumers.
In the latest PSD2 Tracker, PYMNTS looks at the ways EU merchants and payment service providers (PSPs) are adapting to SCA as it comes into full effect, the problems awareness is causing for merchants and PSPs, as well as what merchants have learned from General Data Protection Regulation (GDPR) that could apply for new regulations.
Challenges in the EU and Beyond
PSPs face complexities when building secure, satisfactory payment experiences for European customers, as countries’ approaches to implementing SCA requirements differ. Each country has put a unique twist on SCA, which means PSPs are now juggling fraud developments, individual regulatory concerns, protection needs and unsuspecting consumers and retailers in each European market.
SCA and its impact on security and data privacy may not even be limited to the EU, as more countries — and even states — begin to implement new privacy and payment rules of their own. Merchants in California, for example, are bracing as the state prepares to launch its California Consumer Privacy Act (CCPA), due to debut in January. The act gives rights to the state’s 40 million residents that are similar to Europe’s SCA and GDPR rules.
The authentication challenges that SCA presents to merchants and their payment partners mean that many must significantly restructure the ways they treat online payments.
SCA awareness is still one of the top problems faced by payment providers in the EU, as many consumers and merchants aren’t completely knowledgeable of the rule.
In an interview with PYMNTS, Paul Adams, director of payment acceptance for card acquirer Barclaycard, explained how awareness is only half the battle for EU payment players, however. They also must also comprehend how SCA will affect merchants and end customers as both become more familiar with it.
A Mastercard survey conducted pre-SCA deadline found that only 25 percent of online merchants were aware of SCA requirements, and of that group 24 percent said they have no plans to support the requirements by the deadline.
This disconnect was further illuminated in a recent survey by Riskified. The PSD2 optimization company found the vast majority (88 percent) of retailers believe that most consumers are at least somewhat aware of the new regulations.
That isn’t the case, however. Over three-fourths (76 percent) of consumers in Europe had never heard of PSD2. Lack of awareness was most pronounced in France where 81 percent were unfamiliar with PSD2. Consumers in Spain (76 percent), the U.K. (74 percent) and Germany (73 percent) were closer to the average.
Additionally, roughly one-third (32 percent) of European consumers said they would cancel an online order before going through the multi-factor authentication process required for purchases over €30.
Retailers in Germany were behind their Western European counterparts in taking steps to minimize the negative impact of PSD2 on their online sales. One-third (32 percent) have not taken action compared to 82 percent of retailers in France, Spain and the U.K. who are doing something to fight a drop in conversion rates.
SCA awareness is thankfully high among the payment providers tasked with executing and communicating the mandates to businesses and consumers.
The Benefits of SCA
PSD2 and SCA skeptics can look to the results of GDPR regulations, which were introduced to Europe in April 2018 and have had more time to be accepted.
A recent study found that GDPR-compliant companies are outperforming their noncompliant competitors by as much as 20 percent, and 92 percent of retailers agree the rule has given them advantages over industry rivals. Compliant firms are also seeing increased consumer trust, engagement and satisfaction. Most tellingly, 83 percent of retailers report an increase in online purchases since GDPR went into effect. Only 63 percent of compliance laggards said the same.
Those who are now SCA-compliant and turning their attention to the future and exploring benefits that PSD2 can offer. The next step could be increased interest in open banking capabilities.
A recent survey found merchants are increasingly seeing open banking as an innovation opportunity rather than another exercise in compliance. Eighty-six percent of merchants considering open banking say they are at least somewhat confident it will open up new opportunities.