Are you compliant with the new Strong Customer Authentication rules?

As the appetite for digital shopping keeps rising, so too have the opportunities for online fraud.

During the pandemic, cases of fraud rose by a third, with more than 410,000 incidents reported to Action Fraud in 2020, of which more than 103,000 concerned online shopping scams.

In fact, the ONS crime statistics included more than four million cases for the same time period - indicating only a fraction of victims report crimes to the authorities.

In an attempt to reverse this trend and put the minds of new and old online customers at rest, governments, banks and social media giants around the world are constantly working on a variety of security measures to offer more protection.

One of these is the Strong Customer Authentication (SCA), the rules of which came into effect in March 2022.

Although it is one of the biggest changes to payments regulation since Chip and Pin in 2006, worryingly, many retailers are still not fully compliant with the rules, resulting in hundreds of millions of pounds worth of lost sales. Likewise, many customers are not aware these changes have even happened.

Here, SQLI, takes a closer look at what it means for your business.

Jonty Sutton, SQLI UK CEO

What is Strong Customer Authentication?

SCA is a form of two-factor authentication designed to improve payment security online.

New rules under the Payment Service Directive 2 (PSD2) mean consumers must confirm their identity for all online purchases over £30, with SCA putting in extra steps for card transactions to reduce ‘card-not-present’ fraud.

As of March 14, 2022, non-compliant card transactions online will be declined as the Financial Conduct Authority (FCA) enforces the new rules.

When a payment requires SCA, two authentication types from three possible options are needed. These are:

  • Something only a customer knows, such as a security number or password
  • Something only a customer has, such as a card or phone
  • Something proving who a customer is, such as a fingerprint or face recognition

How businesses are losing out

Last month, data from Barclaycard Payments - which processes £1 in every £3 spent on credit and debit cards in the UK - showed UK retailers missed out on £130m worth of sales through not being fully-compliant with the new SCA rules since they came into force. More than 22,000 transactions a day, worth £4.3m, were declined in the first month.

Furthermore, two in five online businesses have not introduced any new payment technology on their online platform in the past two years. A huge 92 per cent of those that had introduced new tech said the investment improved the checkout experience for their customers, with benefits including in-depth analysis of where and when basket abandonment took place.

Transaction data from Barclaycard Payments also showed 93 per cent of transactions that went through the Barclaycard Transact platform were approved on the first attempt, compared to just 49 per cent going through less-secure, non-SCA compliant channels.

Rob Cameron, CEO of Barclaycard Payments, said: “…it’s clear that too many businesses are still not compliant and are losing out on millions of pounds in sales as a result.

“The message to retailers is clear; prioritise SCA compliance, simplify the customer journey and take advantage of the latest payments technologies to avoid losing out on sales and customers.”

What now?

If you are have not met SCA requirements, you may be missing out on sales and losing customers who have their payments declined and leave in frustration.

Online retailers may need to change their payment processes in order to meet these requirements and could be expected to work with their payment providers to ensure their business is compliant and changes are made to their digital platforms.

SQLI’s UK CEO, Jonty Sutton, said: “Some customers have noticed that they are being asked to authenticate their recent transactions without knowing why, while others are simply giving up at the checkout when asked for the extra layer of security.

“The data from Barclaycard Payments shows how much merchants have been losing in sales so far. It’s up to online retailers and payment providers to help make this transition as seamless as possible and do all they can to fulfil the requirements, update their payment systems and educate customers.”