SCA Feature: The new saviour?

22 Apr 2020

Incidents of online fraud are on the increase, with fraudsters using ever more sophisticated techniques to target shoppers paying for goods and services.

According to Jason Tooley, chief revenue officer at authentication platform Veridium, one in five UK adults were impacted by online card fraud in 2019.

The Dedicated Card and Payment Crime Unit, a specialist police unit funded by the banking industry, reported in March that it had prevented £31.2m of fraud and disrupted 23 Organised Criminal Groups in 2019, including taking down more than 1,600 social media accounts linked to fraudulent activity last year.

The regulator has also stepped in to require businesses that transact online to increase the security of payments.

Under the EU’s revised Payment Services Directive (PSD2), the e-commerce and payments industry must implement Strong Customer Authentication (SCA), overseen by the Financial Conduct Authority (FCA) in the UK.

SCA – also commonly referred to as Secure Customer Authentication – requires banks and payment providers to establish that a consumer really is who they say they are through ‘authentication’. This has already been rolled out across Europe back in September 2019.

But the European Banking Authority along with the FCA agreed that, among other things, a “lack of industry preparedness” in the UK meant the deadlines for implementing SCA were extended to 14 March 2020 for online banking and to March 2021 for the payments industry, which includes card issuers, payments firms and online retailers.

Tackling trust

In the meantime, consumers will continue to be at risk of fraud and are likely to be increasingly concerned about their online security.

Will the SCA rules help banks and merchants to re-gain some of the trust that consumers may have lost in them?

Iain McDougall, UK country manager for Stripe, says: “While faltering trust could be a brake on the online economy, given the ongoing growth of online transactions, it’s not clear those brakes are being applied in any meaningful way right now.

“Although some people will have lingering concerns about the safety and security of making online payments, the reality is that a rapidly increasing majority of the population are now used to buying things online.”

Figures from Veridium show that online banking and payment platforms are now used by more than two-thirds of British adults, with 48 per cent using mobile banking.

A spokesperson for UK Finance adds: “Fighting fraud must be a priority for everyone and these new rules will be an important tool in protecting customers, helping keep them safe when they shop online.”

Looming deadlines

While the e-commerce industry has another year in which to make sure it complies with SCA, the worry is that some of these businesses will become complacent.

UK Finance says it has been working with its members to not only prepare for the changes but also to ensure they are being communicated to customers and retailers. It has produced a ‘communication template’ for payment service providers to use to inform customers about SCA.

According to a spokesperson for UK Finance: “The rollout plan agreed with the FCA will help the industry ensure a timely migration to SCA and result in the best outcomes for consumers while effectively balancing both convenience and security.

“The banking and finance industry is working closely with the FCA, retailer groups and other stakeholders to deliver these required changes in a way that minimises any disruption for consumers and businesses.”

Trust erosion

If these industries fail to meet their respective deadlines, the cost to firms could be more than a fine – it could seriously harm consumer trust.

“While SCA can help reduce fraud, it also has the potential to add friction into transactions, and even create transaction failures if merchants aren’t ready by the time the rules come into force,” cautions McDougall.

“Failed transactions and more friction can make for bad experiences, and this also runs the risk of eroding trust.”

He explains: “We’re working closely with merchants and banks, including plans to rollout live testing of SCA in the coming weeks, to make sure we don’t hit a cliff edge at the end of the year.”

“A failure to integrate Strong Customer Authentication demonstrates a disregard for consumer protection – it should have been prioritised long ago and viewed as a business differentiator,” says James Stickland, CEO of Veridium.

What about those banks which only have a few days left to meet the March deadline?

Strickland suggests that if they are to meet the looming deadline, they should be “turning to technologies in the market which have the potential to alleviate the challenges posed by the regulation”.

He adds: “Multi-factor authentication solutions can facilitate financial services institutions to enhance consumer confidence and create a secure experience, while ensuring the customer has a frictionless user journey.”