What is Strong Customer Authentication and how will it affect my business?
Changes were due to come into play on the 14th September 2019; however, several countries have announced that their implementation will be temporarily delayed.
When the new regulations for authenticating online payments are introduced in Europe, they will make shopping online even more secure for the customer. Here we discuss in further detail what Strong Customer Authentication (SCA) is, how it could affect your business and what measures you can put in place to accommodate the new rules.
What is Strong Customer Authentication?
SCA is a new regulatory requirement intended to reduce fraud online and make purchasing online more secure. Once this new regulation is live, you will need to ensure that your checkout meets the required level of authentication. If it currently doesn’t, you will have to build additional authentication into your checkout process.
For a payment to successfully be processed, SCA requires the authentication to use at least 2 of the following elements:
1. Something the customer knows (this can include a PIN code or password)
2. Something the customer has (this can be a code sent to a mobile phone)
3. Something the customer is (this is completely unique to the person and can include face recognition or fingerprint)
By including at least 2 of these elements, you are ensuring the payment is genuinely being made by that person.
Currently, online payments often require 3D Secure: this is when the customer is prompted by their bank, once they have made a payment online, to provide additional information such as a password or a one-time code which is sent to their mobile. The new regulation builds on this, taking it one step further to ensure higher security.
When is SCA required?
Strong Customer Authentication (SCA) will be required for online payments that are “customer initiated” within Europe. Therefore, this will include the majority of card payments and all bank transfers.
SCA will be required when both the company and the customer are located within the EEA (European Economic Area). Please note that currently it is believed that the new regulations will still take place in the UK regardless of the outcome of Brexit, so online companies need to be aware of this change.
When is SCA not required?
There are some cases where SCA will not be required. Certain low-risk transactions and transactions of a low amount (e.g. under €35) may not require the additional security measures.
Other exemptions may include subscriptions, trusted beneficiaries (where customers could have the option to whitelist certain businesses they trust) and phone sales. Although these are possible exemptions, they are not guaranteed. At the end of the day, it will be the customer’s bank that determines which payments can be made exempt. Bearing this in mind, you will need to be prepared for SCA and not rely on these payments being exempted.
What are the next steps?
If your business will be affected by the new regulations, we recommend that you start preparing for it as soon as possible. Unlike the current authentication which adds another step to the customer checkout, the new regulation is attempting to minimize the friction during the checkout process and make it as smooth as possible whilst still being more secure.
It is important to be aware that payment methods such as Apple Pay and Google Pay already support the new regulations, as they both have a layer built in which requires your fingerprint or password. Using these methods is one way businesses can offer a smooth checkout experience while still meeting the new regulations.
If you need any more information about the new regulations coming into effect later on in the year, or would like to discuss any changes to your checkout to accommodate these changes then please contact the DBS web development team on 01522 811688 and we would be happy to help.