Online Transactions Set for September Shake-Up

Share This Post
Share on facebook
Share on linkedin
Share on twitter
Share on email

According to the statistical office of the European Union, 60% of EU individuals made an online purchase last year.

Looking specifically at the UK, that figure rises to 83%.

This trend is increasing and whilst online sales growth brings opportunity, it is not without consequences. Criminals are moving into digital channels to the extent that online fraud is now the most common form of crime in England and Wales, according to the Office for National Statistics.

Enter SCA.

Strong Customer Authentication

This time last year the EU adopted the General Data Protection Regulation (GDPR). It was a much-hyped piece of legislation created to force companies to protect an individual’s data.

Launched with threats of large fines for offenders, which failed to materialise, GDPR is probably best known for its annoying pop-up windows all over the web.

So, in a bid to provide further security, PSD2 regulation will be introducing Strong Customer Authentication (SCA).

Applied across Europe, the SCA regulation aims to reduce online fraud by increasing the number of payments subject to two factors of authentication.

So, from September 14th 2019, when you make an online payment the transaction will be authenticated based on the use of two or more different factors:

Something you know – such as a password
Something you have – such as a mobile phone or smartwatch
Something you are – such as facial recognition or a fingerprint

SCA Exemptions

Not all transactions are required to adhere to SCA. Key exemptions include:

Payments under €30

Transactions below €30 will be considered “low value” and may be exempt from SCA. Banks will, however, need to request authentication if the exemption has been used five times since the cardholder’s last successful authentication or if the sum of previously exempted payments exceeds €100.

Recurring payments exemption

Recurring payments of the same value to the same business (such as subscriptions and membership fees) may be exempt, although SCA will be required for the customer’s first payment.

However, payments such as a utility bill where the value changes each time will not benefit from the exemption.

Low-risk transactions

If a transaction is considered to be low risk, an exemption could apply. However, it comes with a complex set of conditions.

Whitelisting exemption

When a payment has been authenticated, the individual may have the option to ‘whitelist’ a business to avoid having to authenticate future purchases. Subsequent transactions with the whitelisted merchants are likely to be exempt from future authentication.

While exemptions will ease friction, the individual’s bank retains the final authorisation decision, as they do today.

The changes introduced by this new regulation will affect online business in Europe. As an indication, India introduced a similar regulation in 2014 and overnight conversions dropped by 25% due to the additional authentication steps.

However, while shopping basket abandonment and conversion rate decreases are concerns, the prospect of improved authorisation rates and a reduction in fraud losses should be viewed as positive.

In this online world moving rapidly towards mobile devices, SCA will encourage the adoption of biometric security in wallet services like Apple Pay and Google Pay and will no doubt lead a charge towards more user-friendly authentication experiences.

Although SCA presents further regulation changes that businesses must adapt to, the long term benefits of reducing cybercrime are worth the short term pain.

About the author...

Want the inside scoop from Hedgehog headquarters?

Sign up for our newsletter today.

More To Explore

How much extra revenue could you generate from SEO?

Simple 1-minute form shows you how much additional income you could generate with SEO

Subscribe to our Newsletter

The information you have provided in this form will allow Hedgehog to occasionally contact you via email about any related products and services, such as new reports, resources and relevant content from across our blog. You may unsubscribe from these communications at anytime. For information on how to unsubscribe, as well as our privacy practices and commitment to protecting your privacy, check out our privacy policy.