Trending: How EU Regulators Are Complicating SCA Compliance

Strong Customer Authentication (SCA) is just weeks-old and already mired in controversy. Merchants in the European Union (EU) are still wondering exactly what changes the regulation will bring when it comes to their relationships with customers. Meanwhile, payment service providers (PSPs) are scrambling to find ways to authenticate these customers without adding friction to online transactions.

Merchants and PSPs are far from the only ones with lingering questions on SCA’s application — regulators in EU countries are trying on to integrate the rule into their national payment processes. It is still a matter of debate on what exemptions, innovations and changes can be left up to national authorities — and what cannot.

In the latest PSD2 Tracker, PYMNTS analyzes the impact of SCA in its first several weeks post-deadline, as well as how merchants, PSPs, banks and other members of the EU payments and eCommerce worlds are responding.

Around the PSD2 and GDPR world

Regulators in many EU countries have their own thoughts on SCA and how long it will take merchants to prepare. The Financial Supervisory Authorities (FSA) of both Denmark and Finland have announced implementation periods for SCA within their borders. The two will create an integration period of 18 months, following recent decisions by other countries like the United Kingdom to apply a period of the same length for their own merchants.

Regulators and merchants may continue to have questions, but some initial concerns about SCA appear to be unfounded, at least at the very beginning of its application in the EU. There were no increases in transaction declines or abandonment within the first two days that SCA was active, at least according to a study by credit card provider Barclaycard. The study may not be able to speak to how transaction rejections might increase within the next year, however.

In GDPR news, the Greek Parliament has passed the rule into law in its country to enable data protection for the online and personal data of its citizens. While the rule has already applied to Greece since 2018, the recent parliament decision refers to the particulars of its application within the country.

For more on PSD2 and GDPR, visit the Tracker’s News & Trends.

How EU Merchants Are Adjusting To SCA

Merchants are having a difficult time figuring out exactly how SCA is going to affect them, mainly because they have been unable to find clear answers on how to comply. Agencies like the European Banking Authority (EBA) as well as national regulators should be able to work to figure out issues concerning SCA’s effect on cross-border payment, mobile authentication and other areas, says Nicolas Adolph, chairman of the European Association of Payment Service Providers for Merchants (EPSM). To learn more about how regulators and PSPs can help merchants with SCA questions, visit the Tracker’s Feature Story.

Mobile Authentication Proves Challenging Under SCA

There are a few particular areas where merchants and PSPs need clarity when it comes to SCA, including authenticating consumers who are using their smartphones. Shopping and transacting on mobile is increasingly popular for EU consumers, and merchants and PSPs need to be well-versed on what authentication methods are or are not compliant with SCA. For more on the struggles with mobile authentication and SCA implementation, visit the Tracker’s Deep Dive.

About the Tracker

The PSD2 Tracker, powered by Ekata, is the go-to resource for monthly updates on the trends and changes regarding PSD2 and other privacy and data protection regulations.