The Cost of Friction Versus Security with New SCA Mandates
In Europe, digital retail payments were to become more secure and less susceptible to fraud with the introduction of SCA. Yet a new standard for competition is being set for payment service providers to create SCA payment flows with minimal friction.
With the continual rise in the adoption of digital payments, exasperated by the pandemic, it has been incredibly difficult for merchants to keep pace with the growing security requirements and increased transaction volumes. Whereas physical transactions carry stronger processes such as a dynamic token generated by the card’s chip, many online transactions are completed without any form of secondary customer authentication.
SCA (Strong Consumer Authentication) is an additional layer of authentication aimed to provide a solution to this issue and make payments more secure and less susceptible to fraud. Established by the European Banking Authority (EBA), all payments of over a certain value will be required to go through the SCA mandate, as of the start of 2021. This threshold varies based on the fraud rates of the acquiring bank facilitating the transaction.
Although many may think this directive is only for those in the European Union, this also applies to merchants headquartered in the United States or elsewhere who go through an acquirer that is in the EEA to reach European consumers.
The SCA authentication process requires two of the three authenticators in every transaction during the checkout process. These three include:
- Something the customer has, such as: a hardware token or one time use password sent to the customers mobile device or email.
- Something only the customer knows, such as: a static password, personal ID number, or PIN.
- Something the customer is, such as: biometrics, fingerprints, or facial recognition.
The disadvantage to this added layer of security includes the possibility of consumer friction. With the implementation of new security procedures to the checkout process, many returning customers may feel agitated by the added friction they will be experiencing. Customers desire an easy, quick, and smooth checkout experience when they choose to digitally order their goods, adding multiple steps to this process could potentially deter traffic. Merchants must adapt methods in which SCA payments are successfully completed with minimal customer friction to remain advantageous among competitors.
For merchants and issuers this means supporting multiple SCA compliant authentication methods and giving consumers options which they can choose. Merchants may now be more inclined to switch acquirers if they can find one with a lower fraud rate, meaning the value of transactions that require a step-up or friction for SCA is higher.
For acquiring banks, this means increasing internal fraud and risk management capabilities and screening merchant transactions before submitting for processing. We may even see acquirers walk away from merchant clients if they are too much of a burden on that acquirers overall fraud rate, which could lead to the threshold for requiring SCA with friction going as low as €30.
For more information: