SCA is a regulatory requirement brought in to protect consumers and businesses from fraud, and to make online payments more secure. In practice, it means customers will no longer be able to check out using solely their credit or debit card details. They will also need to provide an additional form of identification such as a PIN code, a fingerprint or a passcode sent to their mobile phones to verify their identities. This is known as two-factor authentication and is enabled through what is also known as 3D Secure (3DS).
The past year has been incredibly challenging for merchants and as a result, the implementation of SCA may have taken a backseat – but time is running out.
Whilst the regulatory deadline is September 14 SCA will be introduced by UK banks gradually from June 1 for UK online transactions. From this date, all transactions that are not SCA compliant could be declined, meaning revenue loss for those that haven’t prepared.
Businesses with customers in Europe have already had to ramp up their preparation from January 1 under the European Banking Authority deadlines. This European roll-out has revealed some common industry teething issues, resulting in many avoidable payment declines, which the UK market needs to learn from as it approaches its own deadline.
As early as June 1, UK issuers will start carrying out checks to ensure e-commerce transactions are SCA compliant, and any non-compliant transactions will be “soft-declined”. This means authorisation could be rejected and to be re-routed to 3D Secure (3DS) to complete the cardholder verification.
It’s therefore vital that UK merchants use this time to set up and live test their systems with the reassurance that before September 14 payments will only be soft-declined, giving them the opportunity to implement correct SCA requirements.
So, what should merchants be focusing on between now and the September deadline?
- Prepare for the practical deadline (June 1)
- Start using an upgraded version of 3DS (version two)
Many have had concerns that the approval rate for version two is to be lower than version one. However, the latest data showed consistently that both versions’ approvals have reached parity. In some regions, version two even yields better results. Put simply, the upgrade is worth the investment.
- Use wisely
Our advice is to use 3DS selectively for those transactions which carry a higher risk. Some payment providers can help merchants distinguish between low and high-risk transactions to ensure that only the higher-risk transactions are put through SCA.
- Take advantage of SCA approved exemptions
To help businesses prepare for the changes required by SCA, Barclaycard Payments launched Transact, a suite of tools designed to improve payment acceptance rates and reduce friction for shoppers. We’ve also partnered with leading AI-driven fraud prevention solution Kount to develop Transact’s state-of-the-art fraud protection module which will allow users to risk-assess transactions to determine whether they qualify for low-risk exemptions.
- Flag transactions correctly
Analysis showed between 10 percent - 20 percent of CNP (card-not-present) payments are eligible for Merchant Initiated Transactions (MIT) but less than half are indicated correctly and, therefore, are at risk of declines. For this reason, it’s imperative that merchants ensure they have properly flagged “out-of-scope” transactions.
- Test and resolve “teething” issues now
Moreover, as 3DS version two introduces more data, a more thorough validation is performed by the Issuers. Some of the most common errors include wrong data format or missing key data points, which have led to both higher errors and challenge rates. All of these are preventable.
As the deadline fast approaches, compliance is key to ensure businesses do not experience significant loss of revenue opportunities as a result of SCA. Businesses can still prevent this from happening, but preparation must accelerate now. SCA should be a business-critical priority for eCommerce.
For more information, please click here: