First weekend of SCA sees smooth start as retailer transaction volumes unaffected
Barclaycard, the UK’s leading acquirer, has analysed its transaction data from 14 and 15 September to understand the initial impact of Strong Customer Authentication (SCA) on merchants and shoppers. Its findings offer good news: merchants have not seen an increase in abandoned transactions or declined payments.
SCA legislation came into force at the weekend across Europe and aims to tackle growing rates of fraud and cybercrime. It requires that all EEA transactions go through a two-factor authentication process, unless they qualify for an exemption*. One consequence of this change is that the authentication process will introduce a degree of friction to the shopper journey, which may result in an increase in cart abandonment, and ultimately in lost revenue for retailers. Banks across Europe are expected to ramp up the volume of consumer authentication requests over the coming months.
To help merchants prepare for the changes required by SCA, Barclaycard, which sees nearly half of the nation’s credit and debit card transactions, has launched Barclaycard Transact, which went live over the weekend.
The dynamic fraud protection solution enables businesses to benefit from SCA exemptions: trusted, low-risk transactions will continue to flow seamlessly, bypassing the two-factor authentication process mandated by SCA. In turn, payment acceptance rates are improved, resulting in fewer declined transactions and ensuring a smooth experience for shoppers. Higher-risk transactions requiring further inspection will still go through two-factor authentication, in accordance with the regulation.
Paul Adams, director of acquiring at Barclaycard Payment Solutions, said:
“Our data offers encouraging news for merchants, whose transaction volumes have been, so far, unaffected by the go-live of SCA.
“Barclaycard’s unique position as issuer and an acquirer means that we understand the concerns that both merchants and consumers have about SCA, and the balance the regulation necessitates between customer experience and security.
“We have designed Transact to help our customers get the most out of the incoming regulation, by enabling them to provide a smooth payment experience for their shoppers, while at the same time reducing risk and managing fraud.”
Myth-busting: Common misconceptions about the SCA regulation
- Merchants have until 2021 to act
- While the EBA announced that each member state can apply for extensions, merchants and banks do not have 18 months to invest in solutions. In the UK the FCA is expecting banks to increase authentication requests from February 2020.
- Multi-market and single-market businesses face the same challenges in preparing for SCA
- The EBA’s recent announcement means that the Financial Conduct Authority, the Central Bank of Ireland and each of their European counterparts have the flexibility to impose their own compliance deadlines, as a result country-specific exceptions have the potential to cause quite a lot of confusion. For merchants operating in more than one country, things get complicated, because they could be subject to multiple overlapping deadlines. To minimise any complexity, merchants should work with their payment acquirer to prepare to be compliant.
- Issuing One-Time Passcodes (OTPs) is enough to pass SCA
- The EBA has made it clear that OTPs, like credit card numbers, qualify as ‘possession factors’ under SCA, i.e. a piece of information in the consumer’s possession – not ‘knowledge factors’, i.e. something they know. Those issuers who had planned to use OTPs in conjunction with card details – another ‘possession factor’ – to pass SCA will need to ensure their authentication journey is still compliant.
- SCA will have a negative impact on sales and revenue
- These concerns are not entirely unfounded – while the primary purpose of SCA remains to tackle cybercrime, SCA will introduce friction into the shopper journey, and this friction could lead to an increase in basket abandonment, resulting in a decline in sales. The good news is, with slicker 3DS2 authentication and optimised use of exemptions for low-risk transactions, merchants can mitigate negative impact.