How to Ensure Compliance With New SCA Standards

As part of the European Union’s Revised Directive on Payment Services, Strong Customer Authentication (SCA) is integral to all businesses. Complying with the policies set out by the initiative should, therefore, be at the forefront of merchants’ minds.

On September 14, 2019, new obligations for online payment authentication went into effect as well, and businesses should ensure that payments across the EU are not only secure but easy and efficient. These obligations are expected to be fulfilled by December 31, 2020.

This post provides a guide to help merchants comply with the new SCA standards.

Firstly, it is important to know how to authenticate a payment. At the time of writing this post, the most popular method of authentication for online card payments is through the use of 3D Secure. Based in XML, 3D Secure adds an additional layer of security that occurs after a cardholder checks out.

For instance, during the process of making an online purchase, a customer would be asked by their bank to give additional information. This information may come in the form of a one-time code that is sent to the customer’s mobile phone. Another option for authentication is through a fingerprint if the customer is using a mobile banking application. This ensures that the customer’s identity is verified, as well as their consent to the transaction.

As for other methods of authentication, Google Pay and Apple Pay already have their own means to ensure that customers can make secure online purchases. For instance, payments typically require either a password or a fingerprint to verify one’s identity.

It should be noted that there are exemptions to SCA. For instance, payment providers can request exemptions during the payment process. What happens next is the customer’s bank would get the transaction request, assess the level of risk, and decide whether or not to approve the exemption.

Requesting this exemption is useful when it comes to the flow of customer checkout. This is because the extra authentication steps may put off a customer during the checkout process. Therefore, having exemptions, especially for low-risk payments and purchases, may reduce the customer drop-off rate, as well as lessen the tension between a customer and the business.

Another exemption to take into account is when transactions are below €30, which are considered as low value. However, it should be noted that if such exemptions occur five times since a customer’s last successful authentication, then a bank will need to request authentication. This also applies if the total sum payments that were previously exempt exceeds €100. Each customer’s respective bank has the responsibility to track down the number of times exemptions have been used, as well as decide whether or not to apply means of authentication.

When it comes to recurring payments, SCA is required for a customer’s first payment. Commonly used for subscription-based services, this exemption can help businesses and customers complete transactions at a faster rate.

Another exemption to take into account would be the case of corporate payments. For instance, when business travel expenses are made by an agent, payments can be made using virtual card numbers that are used in the travel industry.

As a business owner, it is integral to also understand that it is the issuing bank that holds the decision to proceed with an exemption or not. When an exemption request gets denied, for example, a customer would be asked to take those extra authentication steps in order to fully comply with SCA. A common solution for this would be to preemptively have authentication during the checkout process.

At Merchant Broker, we are dedicated to helping businesses both succeed and comply with SCA. To contact Merchant Broker and learn more about how our products can help, email info@merchantbroker.com or call 1-888-668-0733.

Uncategorized

Amazon Pay and the Reinvention of Frictionless Transactions

Uncategorized

COVID-19 and its Effect on Traditional Sports

Uncategorized

UberEats Launches Contactless Order Application for Restaurant Dine-ins

Uncategorized

MasterCard Announces Free Cybersecurity Assessments for Small Businesses

Uncategorized

Visa Token Service Champions Secure Transactions Through 28 New Partners

Associations

TIAC
CIFFA
ttc

Card Brands

visalogo
mastercard
amex
Interac-logo
discover-logo
maestro-logo
JCB-logo
union-pay-logo
diners-club-logo

Contact Us

CANADA OFFICE
Merchant Broker
1 King St. West. Suite 4903
Toronto Ontario M5H 1A1

USA OFFICE
Merchant Broker
2450 St Rose Pkwy
Henderson, Nevada
89074
USA

T 1-888-668-0733
info@merchantbroker.com

©2019 Merchant Broker Inc. All rights reserved. Merchant Broker Inc. is a Registered MSP/ISO of the Canadian branch of U.S. Bank National Association and Elavon Merchant Broker Inc. is an Elavon Payments Partner & Registered MSP/ISO of Elavon, Inc. Georgia [a wholly owned subsidiary of U.S. Bancorp, Minneapolis, MN] Merchant Broker is a registered referral partner of Bambora. Registered Preferred Partner of Ingenico e-Payments International. Referral Partner of Global Payments.