Strong customer authentication for ecommerce businesses

Learn about Strong Customer Authentication for ecommerce businesses

Link to the author's page
Adel Naamneh
October 31, 2023
Link to the author's page
Strong customer authentication for ecommerce businesses

It’s been a busy year for regulators, retailers, and payment service providers as the industry prepared for the Revised Payment Directive, otherwise known as PSD2. This revised regulation aims to make electronic payments more secure for businesses and consumers.  

In a nutshell, PSD2 is the revised directive of PSD1 which was first introduced in 2009 and was designed to regulate payment services and payment service providers in the EU. But exponential growth in ecommerce along with technological advancements in the last decade required that the directive be updated to conform to changing consumer trends.

What is strong customer authentication? 

Strong Customer Authentication (SCA) is a mandated security measure by the European Union involving contactless, online, and mobile payments. Part of the revised Payment Services Directive (PSD2), SCA aims to improve the efficiency of the one-time-password (OTP) notification system.

To accept payments while following SCA regulations, you need to implement supplementary authentication layers within your checkout process, using a combination of at least two out of the following three elements: a password or PIN, an authenticated smartphone, or a biometric identifier such as a fingerprint.

What’s the impact of PSD2 on consumers?

The directive is, first and foremost, still meant to enhance customer protection and security for online transactions. Fraud continues to be a growing problem for ecommerce transactions in large part due to the growth in ecommerce, the increased flow of money, and consumers’ widespread adoption of smartphones and mobile payments. According to the latest research on online payments and fraud, card-not-present accounts for 60-70% of all card fraud in developed countries.

As part of the regulation, businesses are now required to implement added layers of security to payment transactions, also known as Strong Customer Authentication (SCA). With SCA, consumers will be at the center of the transaction. Customers will be asked to perform additional steps or provide additional information before a transaction can successfully go through. Customers will be required to prove their identity with either inherence-based (fingerprint or voice), knowledge-based (pin or password), or possession-based (device) authentications.

According to a FICO survey, consumers have already started to express concerns about the various factors that could get in the way of successful authentication and completing their transactions. For example, when asked which factors could prevent someone from receiving a one-time passcode to their mobile device, responses include: “It would be too complicated,” “I have poor mobile coverage,” “I wouldn’t trust a passcode sent this way,” and “I might run out of battery,” among other reasons.

In the immediate term, the additional authentication step will introduce more friction and impact the shopping experience, but the long term upsides will far outweigh the inconvenience. For one, through SCA, banks can better identify a person as the cardholder, reducing fraud risk for both the customer and the merchant. As financial and technological entities get more sophisticated – and aligned – consumers will start to see a better user experience with features like single-sign-on functionality, allowing consumers to authenticate and purchase from all their devices.

Another major reform with PSD2 will be the move towards Open Banking, which allows third parties (such as new fintech services or apps) to be able to access customer information that was previously only accessible to the banks. Under this, the directive will promote healthier competition among financial institutions by leveling the playing field and ultimately gives consumers more control and choice of their financial service providers.

What can merchants do to help their customers?


Merchants should educate their customers and help them understand the reasons for additional authentication, including what’s changed and how this will add greater security to their payments.  Additionally, merchants should walk customers through the various kinds of security layers they will soon see and offer tips on readiness, like device upgrades or software updates.

Merchants should also take this opportunity to remind customers of other ways they can expedite the checkout journey, such as saving card details or setting up new payment methods like Apple Pay or Google Pay that can speed up the process – tactics that can help offset the added authentication step. Giving shoppers the heads up will mitigate frustration and can prevent any surprises during the transition.  

The future of ecommerce regulations

Starting from October 1, 2023, Visa will raise fees by 0.025% for online purchases in Europe that don't use specific methods:

  • Visa network token (also known as "EMV Payment Token")
  • 3D Secure authentication ("Visa Secure")
  • Apple Pay or Google Pay

This means that any transactions in Europe using the Primary Account Number (PAN or FPAN) of a Visa card will have an additional 0.025% fee, which might lead to higher costs for clients handling payments in Europe.

By adjusting fees, Visa is encouraging the use of network tokens. In the US, Visa reduced interchange fees for eligible merchants to promote token usage, but now in Europe, they're adding a fee for merchants not using network tokens. 

To safeguard your business from this change, the simplest solution is to set up Visa network tokens for all eligible cards, which is something Checkout can help with. It’s worth noting that this change will mostly affect businesses with regular payments in Europe. 

While some cardholder-initiated transactions (CITs) may be exempt due to 3D Secure requirements, Visa's focus here seems to be on merchant-initiated transactions (MITs), where merchants initiate the transaction, like in a subscription-billing model.

How Checkout.com can help with SCA for ecommerce

Strong Customer Authentication is essential, but there are some complexities you may need to navigate. That’s where Checkout.com can help. As your payments partner, we can help your business fight fraud, improve authorization rates, and create a better authentication experience for your customers – all while remaining SCA compliant.

Have more questions? Get in touch with a Checkout.com payments expert today.

Stay up-to-date

Get Checkout.com news in your inbox.

Back to top button
October 31, 2023 2:52
October 31, 2023 10:05