Staying up to date with a constantly changing regulatory landscape can be challenging. The Second Payment Services Directive (PSD2) came into force on 13 January 2018 and the Strong Customer Authentication (SCA) requirements went live on 14 September 2019 for in-store and online payments.
Once implemented, SCA will make payments even more secure. As the number of online shoppers rises, so do levels of fraud. UK Finance estimates that online fraudulent transactions on UK-issued cards totalled more than £393 million in 2018 alone. SCA is therefore designed to guard against the risk of fraud, providing everyone involved in the payments process a higher level of security.
Under PSD2, all electronic payments in the European Union and the European Economic Area (EEA) need to apply SCA requirements.
What’s Changing With SCA?
In practise, this means that customers must authenticate during the checkout process through two discrete elements from three categories. The categories include:
- Biometric - something like a fingerprint or voice recognition
- Customer information linked to something only the customer knows - something like a unique passphrase or identification number
- Device or token specific - uses the mobile device registered with the issuing bank or a hardware token
European banks and issuers will need to challenge and potentially decline the transaction when not properly authenticated. This makes compliance crucial to avoid declined card payments and abandoned shopping baskets.
Here is my list of the top four things SME business owners should consider as part of their preparations:
1. Conduct a thorough payments review
First, comprehensively review all current payment methods to understand the exact steps your business needs to take for SCA compliance. This includes assessing online, in-store, and recurring payment services, with reference to the Financial Conduct Authority (FCA) guidelines.
2. Decide on the correct authentication based solution
Following the recent September deadline, businesses need to support 3D Secure 1 at the very minimum. Taking it one step ahead, 3D Secure 2 adds another layer of security to payments by using enhanced cardholder authentication data. If your payment options don’t support this, contact your cardholder as soon as possible and submit a 3DS authentication request.
3. Check requirements for card terminals
If you rent your card terminals from Global Payments, then we’ve made sure that you’re already prepared for SCA. If you own your own terminal or rent one from another supplier, contact your provider and check requirements.
4. Implement a clear customer communication programme
Regulation changes can be complicated. Thus, clear communication is crucial to ensuring both your customers and staff understand the changes. You’ll want to train your staff on the new regulations and ensure they have the knowledge to reassure your customers. They should also tell customers about any extra security checks – including why the requests are being made and how it works to protect their payments’ security.
With the deadline here, it’s important to re-evaluate payment acceptance, ensuring PSD2 compliance while remaining simple and user-friendly. Changes to the payments process take adjustment – but they also provide an opportunity to renew systems. These changes allow you to create innovative and user-friendly payment experiences that, in the long run, will benefit your SME and customers through increased security and usability.
For a more in-depth review, see our complete guide to SCA here.