Are Retailers prepared for Strong Customer Authentication?

Strong Customer Authentication (SCA) is being brought in by the EU as a means of better securing electronic transactions. This standard will apply to all online payments and transfers made in Europe. It is based on the three principles of “something you know” (such as a password or PIN), “something you have” (such as a payment card or cellphone), and “something you are” (relating to measurable unique biometrics such as voice, fingerprint, or face), a minimum of two of which must be presented for each transaction.

SCA is a response to PSD2, the second version of the Payment Services Directive that was launched by the EU in 2007, and since the requirements went into effect in 2019, ahead of a final deadline set in 2021, countries around Europe have acted to ensure their financial institutions were compliant. The directive was introduced in order to increase the security of electronic payments, particularly given the growth in the popularity of cashless transactions. France achieved full enforcement of SCA by May 15th 2021, with the UK following suit on 14th March 2022 [1]. The adoption process had been delayed in many areas due to the exceptional circumstances brought about by the Covid pandemic.

The Challenge For Retailers

Whilst the requirements of SCA undoubtedly offer the customer great benefits in the form of increased security, the changes are also posing challenges for retailers. The new requirements have already demonstrated the problems of a poorly managed transition, as an “early enforcement” in February 2022 which was promoted by the FCA resulted in retailers having £3.64 million worth of transactions declined during that month [2]. The issues may be largely attributable to a lack of compatible technology being used by card issuers or PSPs.

So, Are We Ready For SCA?

With Adyen finding that just 44% of businesses were prepared for the enforcement deadline [1], it seems that there is still plenty of work to be done. However, the good news is that the groundwork in preparing the consumer has already been underway for a while now, due to the many delays. Where card issuers adopt biometric authentication as a way to ensure compliance, they will likely find that users’ familiarity with such technology will help to engender trust. After all, smart devices such as cellphones have been employing facial and fingerprint recognition for many years now, so extending the use of a fingerprint sensor to the contactless smart card makes sense. Recent research conducted by IDEX shows that 81% of consumers are ready to use their fingerprint on payment cards rather than a PIN and 86% believe that this technology is secure.

Evolving The Contactless Smart Card

There is no question that the arrival of SCA is proving disruptive to the payments industry, but the regulations also give institutions an opportunity to future-proof their business. By building highly secure fingerprint sensors into payment cards [3], institutions can meet compliance while attracting new customers. Easy to use and offering additional benefits such as eliminating transaction limits and the need to remember a password or PIN, this makes for a quick, convenient customer experience. Indeed, this evolution of the contactless smart card could be the answer to a seamless transition to meeting SCA under PSD2.