Keeping SCA From Becoming The Subscription Commerce Kill Switch

Friction is a commerce-killer in all types of businesses, but the risk is especially elevated when it comes to subscriptions and recurring payments, among the hottest areas of the global digital economy. Also, the risk of introducing unnecessary friction into such transactions increases whenever new regulations are involved — rules that promise to bring significant changes to global payments in general.

That includes the European Union’s revised Payments Service Directive (PSD2) and its strong customer authentication (SCA) rules. In a new PYMNTS interview, Ethan Teng, head of growth at payments services provider Recurly, talked about what subscription and recurring payments operations need to do to stay ahead of the game and avoid losing customers from PSD2-induced friction.

SCA Developments

“The main part of PSD2 is strong customer authentication,” he told PYMNTS, and that’s what subscription businesses should be paying close attention to in the coming weeks and months. When SCA was created, he said, it focused on customer-present transactions, not business models that relied on automated, recurring payments. “The subscription model did not have a seat at the table.”

SCA implementation was scheduled for Sept. 14 — less than a month away. SCA stands as one of the most comprehensive global efforts to bring more security to online payments and eCommerce — while also, at least ideally, reducing the friction that can alienate consumers from merchants, financial institutions and payment services providers.

However, things have recently changed, and in a way that can give more businesses more time to figure out how to comply with SCA without introducing unneeded friction into their authentication, transaction and payment processes.

As most PYMNTS readers know by now, the Financial Conduct Authority (FCA) recently agreed to a phased implementation of the SCA rules. The phased implementation will span an 18-month period, and “reflects the recent opinion of the European Banking Authority (EBA), which set out that more time was needed to implement SCA given the complexity of the requirements, a lack of preparedness and the potential for a significant impact on consumers,” the FCA said in a press release.

SCA mandates that some 300 million consumers will need to confirm their identities for most of their online purchases using two of the following: who they are (e.g., a fingerprint), what they have (e.g., a phone) and what they know (e.g., a password).

Recurring Payments Work

That delay is not a break — it just means more time for valuable work to be done, and for businesses and regulators to figure out what works in the SCA space. Moreover, as Teng told PYMNTS, many companies involved in subscription commerce and recurring payments still have some work to do, even if that means figuring out where they stand in this evolving regulatory environment. The price of not doing so? A likely increase, at least in the short-term, of declined recurring payments.

At Teng told it, businesses operating in the subscription realm and who want to stay ahead of the SCA rules need, first of all, to use 3-D secure payments flows in their operations. Next, businesses must be prepared to handle — or let a vendor handle — the network transaction IDs that are key for recurring billing under the SCA regime, he said. Businesses will want to examine if they can grandfather in certain subscription transactions, Teng added. “Each card scheme has public specs about how they do this,” he said. Merchants that offer subscriptions and recurring payments also must prepare for an initial wave of card payment declines under SCA and have a plan and system in place to get customers back to the business web site or mobile app to keep those payments and subscriptions on track.

According to experts, SCA rules will apply to the first recurring payment, assuming it’s for the same amount from the same business, though other exemptions may apply. Certain low-value transactions — say, under 30 euros — also could merit SCA exemptions. As well, Teng said, U.S.-based subscription operations don’t have both a card issuer and merchant acquirer based in the European Economic Area will also get SCA exemptions.

The stakes are high and getting higher. Just consider this: Recurring transactions processed on debit and credit cards in the United States will reach $473 billion by 2021, according to one report. That gives you an idea of how big this market is. However, running afoul of new regulations can serve to deflate even the most reliable payment and commerce trends.