Rafiq Ansari

Manager Business Development


Strong customer authentication (SCA) and its effect on the European Market

Strong Customer Authentication

Cybersecurity is an increasingly important part of eCommerce and Digital development. Every day, thousands of online businesses are targeted by hackers. Around 43% of cyber attacks target small businesses and, in just two years, the cost of damage caused due to cyber attacks is expected to reach a staggering $6 trillion. These attacks put private information at risk and expose customers to potential problems in the future. Protecting customers from online fraud should, therefore, be a top priority for all businesses that have an online presence.
Along with targeting online shopping sites and large corporations, hackers and fraudsters regularly go after customers themselves. Online transactions made with stolen cards and fraudulent details cost businesses and customers tens of thousands of pounds every year. Around 40% of consumers around the world have been the targets of ID theft at least once and, as more and more people shop online, the instances of ID theft and fraud are only set to grow.
In an effort to help keep customers and online businesses more secure, the EU (European Union) has introduced Strong Customer Authentication, part of the 2015 Payments Services Directive. Strong Customer Authentication (SCA) will help make online transactions safer and more secure for everyone.

Strong Customer Authentication (SCA)

Strong Customer Authentication will come into action from September 2019. It means that the companies operating within the EU states will have to use a variety of tools and methods to verify customer identity before a transaction is finalized. It is expected that by asking for more information from online customers, banks and businesses will be able to spot fraudulent transactions, thus potentially saving millions of pounds of the consumers and the small businesses every year.

What kind of authentication will be needed?

Following the introduction of Strong Customer Authentication, Europe-based companies will need to update their eCommerce sites to reflect the new stricter policies. The exact authentication needed isn’t stipulated, however, the banks and the businesses could implement it in a variety of ways.
Businesses could opt to ask customers for the information known only to them, send verification codes or tokens to their smartphones or use a physical identifier like a fingerprint or facial ID.
Companies that don’t have the in-house resources to make these changes themselves, can get in touch with an web development company to find out what updates they need to make in order to comply with the new regulation. A company with expert eCommerce developers should be able to assess the current level of a site’s security and make the necessary alterations for the customer authentication process.
All businesses that accept online payments will be impacted by these changes. E-Commerce development companies with a specialization in cybersecurity are therefore likely to be in demand up to the September deadline. So online businesses of all the sizes should act immediately to ensure their compliance with the new regulation.

How to prepare for SCA?

In many cases, the payment gateways that eCommerce sites use will take the necessary action so that the businesses themselves don’t need to. A lot of payment gateways are expected to use 3D Secure 2, an update of the 3D Secure system. During the payment process, the gateway will prompt customers to provide the information needed to meet the new criteria. As long as the information is entered correctly, the transaction will be completed successfully.
Some payment gateways, like Apple Pay, already incorporated the necessary security measures, so it will not be affected by the changes. Businesses should check with the payment gateways integrated into their eCommerce websites if they’ll be impacted when SCA comes into force.

Some Exemptions

There are some exemptions to the new Strong Customer Authentication regulation. Recurring direct debits that are considered to be initiated by the merchant won’t be affected by the new rule. Payments made in person, contactless payments and transactions with a value lower than £30 will also remain unaffected.
Regular customers will probably also find that, after, their initial purchase has been verified by the enhanced system, future purchases from the same retailer can be made without inputting the details again for verification.

Banks and SCA

Pretty much all the banks based in the European Union (EU) states will need to implement changes to their online payment gateways to comply with the new regulation. However, as SCA is open to interpretation, it’s possible that each of the 6,000 banks based in the EU states will implement it differently. This could result in inconsistent online experiences for the customers and may lead them to confusion when the new rule comes into force.

The impact of SCA on the European market

Once SCA is fully implemented, consumers buying from businesses based in the EU states will be able to enjoy more secure online experiences. It may take some time, but, the online shoppers and businesses must adjust quickly to the new stricter criteria.
As cybersecurity is important to everyone who buys and sells online, consumers are unlikely to be put off by SCA, even if the payment process takes a little longer. In fact, as trustworthiness is an important consideration for those shopping online, businesses based in the EU may well find that customers are more likely to choose them over suppliers located in less regulated parts of the world.
Making the consumer safe and secure as much as possible should be a top priority for businesses and regulators everywhere. With the number of cyberattacks and instances of identity theft growing up, any measures that help buyers should be welcomed by retailers, banks and shoppers alike.
If you run an online business and want to ensure you’re fully compliant with the new regulation, now is the time to take action. With SCA due to come into force in just a few days’ time, you need to act immediately if you want to retain your customers, your online trading site and your business. If you do not have a high-quality technical team, it will be better to let some experts do the job for you. After all, your business depends on it.