By Rob Crutchington is Director of Encoded
After several delays, the new deadline for implementing full Strong Customer Authentication (SCA) compliance[i]for e-commerce transactions is now on the horizon. From 14 March next year any merchant that fails to comply with the requirements could be subject to Financial Conduct Authority (FCA) fines.
Since the deadline was extended, the FCA has been encouraging e-commerce merchants to work with card issuers to implement SCA. There is a risk that if an e-commerce transaction doesn’t meet the SCA requirements, it could be declined by the card issuer/bank. The result of high numbers of declined transactions could increase costs and complaints, reduce customer confidence and lead to possible reputational damage (as well as the FCA fines).
Protecting merchants and customers from fraud
SCA is a positive change and protects both the merchant and the customer. If a customer pays online for goods using an SCA process, but later claims it was a fraudulent transaction they will have to prove that the transaction wasn’t made by them. In the past a fraudulent transaction meant the merchant had to refund the money and incurred chargeback costs before any investigation into the transaction’s legitimacy had begun.
What are the costs of implementing SCA?
Implementing a 3DS2 (3D Secure 2.0) enrolment check API and reacting to the outcome before each authentication is something most merchants don’t want to deal with. They have to get an authorisation code from the card issuer/bank to proceed with the transaction. These secure checks can be costly and complex, requiring expert resources to manage and implement.
An alternative way is to work with an established payment services provider (PSP) like Encoded, which means the transaction process and administration is managed by the PSP from start to finish. The merchant captures the customer transaction and the PSP carries out all the secure checks required by the acquirer to verify the card with the card issuer behind the scenes. With checks authorised, the PSP issues a secure link that takes the customer through the online process to complete the transaction.
Choosing the right payment service provider early is an investment for the future. Now is the time to start thinking about how to protect your business from fraudulent transactions and comply with the new regulations.