WHAT IS SCA?
Strong Customer Authentication (SCA) is a feature designed to improve the security of online payments. You've probably already experienced it when you were asked to enter a code received via SMS to confirm your online purchase.
The aim is to verify that for each online purchase, you are the one who made the purchase and that it is not an attempt at fraud. To perform this verification, it will rely on two of the following three elements:
- Inherence, an element that characterizes you (fingerprint, facial recognition, etc.).
- Knowledge, an element that only you know (PIN code, password, etc.).
- Ownership, an element that you own (smartphone, USB key, etc.).
On paper, this is good news because it will reduce the online fraud rate for card payments. But in practice, it is more mixed.
Indeed, it represents the addition of a heavy step in the purchase process and already negatively impacts the conversion rate of e-commerce sites.
WHAT'S CHANGING?
A new step has been added to the purchase process and we are already feeling the impact of this new feature. Indeed, conversion rates have decreased and abandonment rates have already increased in most European markets.
One of the most obvious examples in Europe is Spain, where the migration to SCA was done quite quickly, which had a significant impact on e-commerce and especially on conversion rates.
According to CMSPI, an international payments consultancy, the average SCA failure rate is about 33% in Europe, with large differences between European countries (for example, the failure rate is 18% in Sweden and 23% in France).
This is the result of European regulators setting a migration period of 2021 to gradually roll out PSD2 mandates. This has allowed for a smooth rollout leading to impacts that are considered to be under control (within European countries, we see that SCA impacts are drastically reduced in countries that have had smooth, organized and long migration periods).
This system will also have an impact on other functionalities such as "one-click". This functionality is of particular importance to the retail industry. Indeed, it facilitates impulse purchases, which are very important for their turnover. With the SCA, the fluidity of this functionality will be strongly impacted.
This shows that these changes will affect everyone, not just small e-commerce sites.
Another challenge we face is mobile authentication, which doesn't work as well as the standard OTP SMS (One Time Password) authentication until now. In browser mode, the new SCA authentication method works quite well, but in native mode (in-app), many technical issues have been raised regarding the new authentication protocols (-40% conversion rate). Some working groups are already working on this issue to solve this problem.
Over time, the SMS OTP authentication method will be gradually replaced by authentications via the mobile application. However, this raises a maturity issue. On the one hand, on the technical side, where there is still progress to be made, and on the other hand, on the side of the customers who are not used to such a use. It will therefore take time to reach conversion rates equivalent to SMS OTP.
HOW TO REDUCE THE IMPACT?
Fortunately for e-commerce sites, there are alternatives such as the implementation of exemptions that are allowed by the European SCA regulation. Indeed, the regulator has taken into account that strong authentication will not be required for all online payments. One example is subscriptions that represent a series of recurring payments for the same amount and to the same beneficiary.
In order to preserve features such as one-click payment, market participants intend to use exemptions. In the regulation, the condition for applying the SCA exemption is directly linked to the fraud rate. Therefore, it is essential for payment players and merchants to monitor the fraud rate and achieve a low fraud rate in order to be able to offer a frictionless customer experience in payment.
Today, Market Pay participates in various groups monitoring the implementation of the SCA in Europe, such as the OSMP task force, Observatoire de la Sécurité des Moyens de Paiement. We also participate in the GIE CB Fast'R Copil, where we monitor the level of migration of the French market to 3DS2 and SCA, with a particular focus on the conversion rate.
As a member of the EuroCommerce Payment Systems Committee, Market Pay is also monitoring the impact of SCA at the European level.
Even though everyone has been working on implementing SCA since the end of 2020, each additional step in the deployment of the soft decline (to force SCA) negatively affects acceptance rates.
Like Market Pay, it is crucial for payment players to be well positioned in the ecosystem that allows direct interactions and coordination with all payment market players (schemes, processors, banks...).
This migration to strong authentication requires new skills and adapted solutions to maintain the customer experience and the expected conversion rate.
Thanks to the experience of the 3DS2 and SCA migration, Market Pay has acquired valuable and significant expertise and knowledge in SCA management (including exemptions), and is working on its digital payment platform. This tool will allow to take advantage of a digital engine including a fraud tool, to offer dynamic payment pages with a PSP change and a dunning after soft decline.
With this tool, you will have access to a portal available in several languages allowing you to consult the status and details of the transactions in real time, and to apply different actions, such as refunds or cancellations, according to the profiles, allowing you to perform your accounting reconciliation.
In addition to this new solution, Market Pay is a European acquirer with a very low level of fraud and a direct link with most of the major European banks, which gives a unique ability to optimize the SCA and the customer experience in e-commerce.
As you can see, at Market Pay we work daily to support our customers and partners on this subject, in order to secure their revenues.