Strong Customer Authentication (SCA) is designed to provide electronic payments with extra security and reduce fraudulent transactions. It does so by adding an additional authentication step at the checkout; consumers must identify themselves using something they own, know or are.
While designed to keep customers safe and cut fraud, any new steps in the checkout process create friction for consumers. And this additional friction has led to understandable skepticism among the merchant community who fear greater cart abandonment and lost revenue.
Yet just over a year into the rollout of SCA and attitudes are shifting. In fact, our research finds that just 12% of merchants cite a negative impact from SCA.
Why is this the case? The answer, based on our experience working with many different types of merchants, is part technical. Namely, merchants are leveraging the latest technology and access to data to successfully navigate SCA.
And it's part philosophical. We see successful businesses understanding that SCA is more than a regulatory hurdle. Instead, they are elevating SCA from a security conversation into an opportunity to rethink the customer journey, win trust, and gain protection from liability.
Take advantage of the latest enhancements to 3DS2
Much of the initial concern around the impact of SCA stemmed from the experience legacy authentication protocols created for consumers. These early protocols were not designed with smartphones in mind. Consumers were forced to redirect to unfamiliar pages that were typically dogged by slow loading times and frequent crashes leading to customers abandoning their purchase.
This isn't the case anymore though with the introduction of the 3DS2 protocols. Consumers can authenticate in multiple, intuitive ways — using a fingerprint or facial recognition. And merchants can send far more data points about the transaction to the customer’s bank. The risk of the transaction can be easily assessed and, if it does not appear to be at risk, it can go on without any further checks.
Is 3DS2 perfect? No. But the protocols are much better than what came before them. And they're constantly undergoing improvement. So our advice to merchants is to always upgrade to the latest 3DS protocols when available. This will ensure they're delivering the optimum experience to their customers when transactions require SCA.
Build a bespoke exemption strategy
We find those merchants who are successful navigating SCA are typically those that are paying attention to the nuances of the regulation. More specifically, they understand that not every transaction requires SCA.
There are transactions that are out of scope. Such as:
- Recurring transactions
- Installment transactions
- Credentials on file transactions.
And then there are those that are eligible for exemptions. Examples include when:
- the transaction is less than €30
- the transaction is recurring
- transaction risk analysis (TRA) is applied.
Exemptions are the linchpin in the balance between keeping fraudulent transactions at bay and keeping the customer journey as frictionless as possible.
A blanket application of exemptions to all transactions will likely lead to increased chargebacks and have a negative effect on your fraud rate. So, when there is a question of whether a transaction is legitimate or not, 3DS is actually a good tool that should be used in order to detect fraud — especially as 40% of ecommerce businesses cite fraud as their biggest concern in 2022.
Whether you can or should apply exemptions to a particular transaction comes down to the unique circumstances of your business, where and what it is selling, its risk appetite and its customer profile.
Use data to optimize payments processing
To build an optimal exemption strategy, businesses needed to have a deep understanding of their payment flows. And this can only be determined with access to data.
Businesses need to know where their fraud is coming from — which countries, what transaction amounts, what time of day. And, if you are going to really understand your customers’ experience, you need to know the reason consumers are abandoning their purchase, is it because of 3DS or is it because of the many other reasons that cart abandonment occurs?
It's also important to note that optimizing for SCA isn't a one-time project. In fact, few businesses get their strategy right the first time. So it's crucial businesses continue to monitor the data and make adjustments as and when required in order to meet their objectives.
The ultimate goal for businesses is to find the right role for authentication in the end-to-end customer experience. And to keep adapting their strategy as their business needs and priorities change.
Make SCA work for your business
So, are mindsets really changing on SCA? For those businesses that are keeping up with the latest technologies, building bespoke exemption strategies and using data to monitor performance, the answer is yes.