Strong Customer Authentication or SCA: is Europe 3D secure (2.0)-Ready?

As part of a European Union mandate called the Revised Directive on Payment Services, or (PSD2), merchants operating in the EU economic zone must use payment service providers within the European Economic Area that offer what is known as strong customer authentication. This is also sometimes referred to as the SCA requirement or the PSD2 compliance. In essence, this directive ensures that transactions occurring within the EU’s economic territories make use of multi-factor authentication in order to verify a buyer’s identity. Whereas physical cards have strong authentication elements through the tried-and-true PIN and chip system, virtual transactions are fraught with more opportunities for fraud and misuse because of the relatively lower threshold of identity verification required to participate in a transaction. Though first proposed in 2019 the EU allowed for a staggered implementation on a country-by-country basis thus allowing a final December 31, 2020 compliance date by which all member countries will have agreed to the implementation of the directive’s strong SCA requirement. The directive applies to situations wherein a user can access an online account, initiate an electronic payment, or perform any financial transaction using third-party networks that could potentially expose that user to fraud or abuse. It further defines strong customer authentication as a process whereby two or more elements are used to verify the person’s identity and permission to perform the initiated online transaction. For Internet users and the customers of online merchants, the benefits of this strong customer authentication are fraud prevention and a superior experience on both ends of the transaction. While many payment providers initially balked at the aggressive rollout of PSD2 compliance requirements for strong customer authentication, the impact of the 2020 economic situation and COVID-19 accelerated harmonization across processing providers in the European Union as the volume of online transactions grew concomitant with the new demand for online services and transactions. The standard for strong customer authentication (SCA) that has emerged is 3D Secure 2.0. Though preferred, experts report that it is not necessarily robust in all of the ways envisioned in the directive thus leading to some friction between major proponents of 3D Secure 2.0 and payments processors such as Mastercard and Visa. A requirement since September 2019 and with a final implementation date through the end of December 2020, the implementation is now in the phase known as a requirement. That translates into most major providers such as Mastercard and Visa, among others, requiring PSD2 compliance in order to utilize their third-party payments processing networks. Mastercard points out that merchants should prepare for an immediate migration to EMV 3DS while those merchants in the now fully EU-exited United Kingdom face a September 2021 deadline for compliance. Further, France is extending regulatory compliance for some companies on a case-by-case basis through the end of March 2021. While the challenges of meeting regulatory thresholds is often seem daunting, the benefits of SCA and adhering to the PSD2 compliance for both merchants and online users are manifold and evident in reduced fraud and chargebacks. A recent survey carried out by global management consulting company Deloitte showed that a significantly vast majority of firms’ human and financial resources have been redirected to responding to PSD2 from a compliance standpoint. This is done in order for companies to meet regulatory deadlines. As a result, it was established that 75% of the firms the company interviewed state to be broadly confident about their readiness to comply with the PSD2 primary legislation requirements which became enforceable in January 2021. From a business and strategic perspective, 59% of firms report that PSD2 to be an opportunity for their business. It was reported that many firms plan to actually proactively embrace PSD2 and use it to drive their digital transformation. Reshaping digital business models is a step forward no business can escape if growth and development are on the agenda. To conclude we feel that it is the right time for firms to start bridging the gap between their strategic aspirations and their strategic plans. Although competitive forces may not be strong initially, they are likely to gain pace rapidly, and firms that have not effectively positioned and differentiated themselves in the market may be left behind. The team of Monneo will be glad to answer any particular questions addressed via our official website. We also encourage you to check our Insights section where we regularly post important information and articles related to digital banking, fintech, and B2B merchant payments topics.