Forget Brexit - Are You Ready for Strong Customer Authentication (SCA)?

Jul 24

As eCommerce sales grow stronger year on year, financial security has become paramount for customers, business and financial services. From September 14 2019, transactions made online in the UK for 30 Euros or more will require two forms of authentication otherwise the transaction is declined and sale lost.

What Does SCA Mean Simply?

In order for an online transaction made in the EEA (both business and the cardholder’s bank are located in the EEA) to be approved, the customer will need to prove at least two of the following three elements:

Something they know such as a password or PIN
Something they have such as a phone
Something they are such as a fingerprint or facial recognition.

If customers cannot prove two elements from this list, the transaction will be declined and the sale lost.

Currently payments are authenticated using 3D Secure. A new version called 3DSecure2 will be released this year to meet the new SCA rules.

Is SCA For All Card Payments?

No. Apple Pay and Google Pay already include two layers of security.
Recurring online subscriptions, Direct Debits, card payments over the phone and contactless payments are not affected. It also appears that card details which have been securely stored online by a service such as Stripe may not also be affected as long as they are authenticated at the time of storage and there is clear permission in place from the cardholder, although banks may still use SCA at their discretion.

For multiple transaction under 30 Euros the issuing bank will decide whether to use SCA where there has been multiple transactions and if any are over 100 Euros.

I Own An eCommerce Site - What Do I Do to Avoid Declined Transactions

Find out who your payment processor is and visit their website for more information and what they advise for you and your customers. Ultimately Banks and Payment Processors will begin to inform consumers very soon.

Check with your card processor to see if you can accept Google Pay and Apple Pay transactions and begin encouraging your customers to use this payment method.

Review the checkout process on your website to see where you need to add additional information to the checkout process, especially if a card transaction is declined. Consider ‘failed transaction emails’ which get mailed to your customers or ‘failed transaction messages’ which may appear on-screen in the checkout process.

Consider writing a blog article for your website to help educate your customer what to do and include a link on newsletters leading up to 14 September and beyond.

We will endeavour to update this article with more information towards September 14 2019 . Signup to our newsletter for further updates.