written by
Madeleine Helme

Strong Customer Authentication and how it will impact your business

Ecommerce Websites 2 min read
Strong Customer Authentication (SCA) comes into force on 14th September and it's a new regulation for authenticating online payments.

There’s a lot to think about when it comes to running an e-commerce store. Things that come to mind might include creating your website, supplying your products, writing product descriptions, and arranging shipping. What might not come to mind are the regulations you need to follow when selling things online. One regulation that has recently come into play is strong customer authentication (SCA).

Read on to find out what this is and what it means for your e-commerce business.

What is strong customer authentication?

SCA is a new European regulation that online sellers must adhere to by 14th September 2019. It is designed to make online payments more secure and to reduce the risk of online fraud. Sellers will be required to add additional authentication steps to their checkout process by requiring two of the following three things from the customer:

  • Something the customer knows, e.g. your PIN or password
  • Something the customer has, e.g. your credit card or phone
  • Something the customer is, e.g. fingerprint scan or facial recognition
What is strong customer authentication?
Source: FICO Blog

Those payments that don’t meet these guidelines will be declined by the bank or payment provider.

Does my e-commerce website need SCA?

If you are operating an e-commerce store within Europe, then SCA is likely to affect you. The European regulation states that strong customer authentication is required on all “customer-initiated” payments made online. If a customer pays for a transaction by credit or debit card, PayPal, or bank transfer, then SCA will apply.

“Merchant-initiated” payments, such as subscription fees and direct debits that are automatically taken from the customer’s account, will not be affected by SCA. Customers can also whitelist online businesses to indicate to their payment provider that the business is trusted and that authentication is not required.

There are other exemptions to SCA that may be applied to the following transaction types:

  • Transactions deemed as “low-risk”
  • Low value transactions – below €30 (approx. £27)
  • Recurring payments – authentication may only be required on the first payment
  • Corporate payments

How will this impact my e-commerce business?

As an online retailer, you will be required to update your payment process to meet these new regulations. How simple this is will depend on your current payment process. Many online shops use 3D Secure to process payments securely. The new 3D Secure 2 is now available to help retailers comply with SCA. It is better to get prepared for it now so that you’re ready for the September deadline.

One concern from e-commerce website owners is that SCA will decrease their online sales. Cart abandonment is a big challenge for e-commerce stores, and adding extra steps to the checkout process typically makes this more likely. 3D Secure aims to make this process as smooth as possible to counteract this problem.

It can also be seen as a positive, though. Some people are still uneasy when handing their payment details over online. If the customer knows that these additional security and authentication measures are in place, then they might feel more comfortable buying from those websites that comply with it.

Online payment providers like PayPal and Stripe can support you with the changes required to comply with SCA. If you have any questions about strong customer authentication and how to avoid cart abandonment, get in touch with us at Vitty.

Strong Customer Authentication Ecommerce