As The SCA Deadline Approaches, Issuers Struggle With Preparedness

The end of the year marks the deadline for European migration to strong customer authentication (SCA), a 15-month extension from the original deadline.

But the change, originally mandated by the Revised Directive on Payment Services (PSD2), may catch more than a few firms across the merchant, acquirer and issuer spheres unprepared, according to Spencer McLain, vice president and general manager of EMEA at Ekata.

The comments, as part of a Masterclass on ongoing implementation of SCA, came against a backdrop where, earlier in the year, McLain had told PYMNTS that merchants simply weren’t ready.

Now, he said, “merchants are about as ready as they are going to be.”

Does that mean the industry, as a whole, is ready? Not yet, according to McLain, who noted that there will likely still be pain after the deadline — but most stakeholders will adapt in the first quarter of next year.

The Question Mark

So, merchants are as ready, acquirers are ready, according to McLain, and the question mark is whether the issuers are ready.

“It’s hard to say if they are,” said McLain, who added that some issuers have gotten their arms around the shift to multifactor authentication to make online purchases more secure, and some are wrapping things up.

And for the payments ecosystem as a whole, false declines are riskier as merchants encounter a growing population of individuals who have never bought goods or services online before.

These nascent online shoppers represent a “brilliant market opportunity for every eCommerce company that’s able to give those customers a good experience and make them lifelong customers,” said McLain.

But the opportunity is a fleeting one — as 32 percent of consumers who have been falsely declined will stop shopping with a particular merchant.

For the merchants and the issuers, there’s a thorny challenge in place, said McLain, as these new-to-online-shopping consumers do not have any history of buying online (and thus assessing risk). And eCommerce firms have to navigate the delicate balancing act of preventing fraud but accepting new customers, too — all as transaction volumes swell into the all-important holiday shopping season.

In the drive toward the trade-off between risk assessment and customer experience, said McClain, merchants can gain better control of friction as they seek to reduce false positives.

Merchants, he said, need to realize that SCA need not be applied to all of a merchant’s online traffic.

“In fact, it doesn’t even need to be applied to half of your traffic,” said McLain.

He said that, in general, online merchants are expecting to see about 25 percent of their volume require SCA.

He advised that merchants work closely with their payment service providers to maximize exemptions. Acquirers, he said, are obligated by the new regulations to perform transaction risk analysis.

“Merchants should share data with their acquirers,” he said, “including names, addresses, phones — in fact, share more than is required,” so that the risk analysis can be robust, and the percentage of transactions that are exempted can be increased.

The X (Border) Factor

Ultimately, as cross-border commerce returns, we may get a sense of frictions inherent in transactions that cross currencies and time zones, said McLain.

Cross-border commerce, he said, will illuminate which countries are prepared for the upcoming deadlines — but there’s little uniformity here, as not all countries are going “live” with SCA by the end of this year (France, for example, has a March 2021 implementation deadline, the U.K. in September 2021).

“In this ‘soft launch’ that’s happening now, it’ll be interesting to see how these authorization rates differ by country,” McLain said.

He noted that in some countries, such as the Netherlands, things won’t change much, as SCA is already an inherent part of the online checkout process.

Data And Models

Robust risk analysis (and exemptions), of course, need data. And data modeling can help reduce false positives while improving the overall payment flow.

McLain noted that digital-first companies should optimize their internal data, and where necessary work with external providers (including Ekata) to gain actionable insights contained within that data through standardize mechanisms that allow merchants to share information across acquirers and issuers.

“We should be looking at SCA as an opportunity to share intelligence with the issuers,” he told PYMNTS, adding that effective use of SCA and exemptions will help merchants reduce frictions, “which ultimately will reduce false declines and increase conversion rates across the board.”