As implementation of the EU’s Strong Customer Authentication (SCA) moves from a “soft” to “hard” state – that is, with liability transferring to those merchants that don’t employ SCA – reports of mixed experiences are filtering through to Payments Cards & Mobile.
SCA was introduced by the EU and the UK under the provisions of the second payment services directive (PSD2) from January 2018.
Since March 14th, 2022, liability for fraudulent transactions that do not use SCA has transferred to merchants. This deadline follows a previous end-date which was not met by merchants and expired in September 2021.
On the one hand, checkout.com report that 88% of European merchants have seen a positive effect on cart abandonment from SCA.
Checkout.com also say up to 92% of online transactions in leading markets such as the UK, Germany and France now employ security methodologies that involve SCA.
Also on the plus side, it’s likely true that adopting a smart exemptions strategy – allowing trusted buyers who repeat purchases and are identified through multiple factors to shop without increased authentication – can help to further enhance the positive impact of SCA and reduce user friction.
However, an entirely credible new study from Open Banking provider Nuapay claims that 99% of UK merchants have seen an increase of at least 5% in payment declines (with an average 37% decline) following the introduction of Strong Customer Authentication.
Nuapay’s survey of merchant decision-makers also found that almost two-thirds (62%) were dissatisfied and felt there was still room for improvement.
Brian Hanrahan, CEO of Nuapay’s Business Division, said: “SCA regulations have been far from the silver bullet that regulators might have hoped, creating serious checkout friction and frustration for consumers and lost sales for businesses.”
On reading the Nuapay study, EU regulators would no doubt say PSD3 will answer merchants’ concerns.
Planned for implementation in 2023/24, PSD3 intends to further strengthen the provisions of SCA introduced under the bloc’s second payment services directive, or PSD2. Such further strengthening is something a third of merchants say they want to see.
The blunt truth, however, is that cards may just not be fit for purpose when it comes to digital payments in the longer term.
Developed at a time when the internet was still just a twinkle in Tim Berners-Lee’s eye, cards are now merely one of a multiplicity of ways to pay online.
What’s more, some say they are by no means the most secure, with Account-to-Account payments (A2A), digital wallets linked directly to accounts and others all boasting bank-account level security.
That said, current custom and practice mean that some 70% of consumers prefer cards as a form factor when shopping. So while cards may not be optimal, it looks as though we’re stuck with them – and the fraud and security risks they represent – for the medium-term at least.