May 20, 2021

SCA: What’s Changing for What Impacts?

If you regularly buy online, you may have noticed: since April 15, purchases over €100 now require strong authentication.


SCA: What’s Changing for What Impacts?

If you regularly buy online, you may have noticed: since April 15, purchases over €100 now require strong authentication. And it’s not over yet, because soon, all payments with no minimum amount will be affected. Initially scheduled for May 15, an additional 4 weeks have been granted in France to allow banks to adapt.

What is SCA?

Strong Customer Authentication, or SCA, is a feature designed to improve the security of online payments. You have probably already experienced it when you were asked to enter a code received by SMS to confirm your online purchase.

The goal is to verify that for each online purchase, you are indeed the originator of this purchase and that it is not a fraud attempt. In order to perform this verification, it will rely on two of the following three elements:

  • Inherence, an element that characterizes you (fingerprint, facial recognition, etc).
  • Knowledge, an element that only you know (PIN code, password, etc.).
  • Ownership, an element that you possess (smartphone, USB key, etc.).

On paper, this is good news because it will reduce the rate of online fraud for card payment. But in practice, it is more mixed.

Indeed, this represents the addition of a heavy step during the purchase process and which already negatively impacts the conversion rate of e-commerce sites.

What is changing?

Thus, a new step has been added to the purchase path and we are already feeling the impact of this new feature. Indeed, conversion rates have decreased and abandonment rates have already increased in most of European markets.

One of the most obvious examples in Europe is Spain, where the migration to SCA was done quite quickly, resulting in a prominent impact on ecommerce and especially on conversion rates.

According to CMSPI, a global payments consultancy, the average SCA failure rate is around 33% in Europe, with a lot of differences between european countries (for example, the failure rate is 18% in Sweden and 23% in France).

This is the result of the definition by European regulators of a migration period over 2021 to progressively deploy PSD2 mandates. This has allowed for a smooth deployment leading to impacts that are considered controlled (within european countries, we can see that SCA impacts are drastically reduced in countries with smooth, organized and long migration periods).

This system will also impact other functionalities such as one-click. Giants retail players attach particular importance to this functionality. Indeed, it facilitates impulse purchases, which are very important for their turnover. With the SCA, the fluidity of such functionality will be greatly impacted.

This shows that these changes will affect everyone, not just small e-commerce sites.

Another difficulty we have to face is the authentication on mobile which doesn’t work as well as standard OTP SMS (One Time Password) authentication up to now. In browser mode, the new SCA authentication method works quite well, but in native mode (in-app), a lot of technical issues have been raised related to new authentication protocols (-40% conversion rate). Some working groups are already working on the subject to solve this problem.

With time, the OTP SMS authentication method will be progressively replaced by authentications via mobile app. However, this raises a maturity issue. On the one hand on the technical side where there is still progress to be made, and on the other hand on the customers side who are not used to such a use. It will therefore take time to achieve conversion rates equivalent to OTP SMS.

How to reduce the impact?

Fortunately for e-commerce sites, there are alternatives such as implementing exemptions which are allowed by the European regulation about SCA. Indeed, the regulator took into account the fact that strong authentication will not be required for all online payments. One example is the subscriptions that represent a series of recurring payments for the same amount and to the same beneficiary.

In order to preserve features such as one-click, market players intend to use exemptions. Within the regulation, the condition to be able to apply SCA exemption is directly linked to the fraud rate. That is why it is key for payment players and merchants to monitor fraud rate and to reach a low fraud ratio to be able to provide frictionless customer experience in payment.

Today, Market Pay participates in various groups to monitor the implementation of the SCA in Europe, such as the OSPM task force, Observatory for the Security of Payment Means. We also participate in the GIE CB’s Fast’R Copil, where we monitor the level of migration of french market to 3DS2 and SCA, with a strong focus on conversion rate.

As part of the Payment System Committee of EuroCommerce, Market Pay also monitors the impact of the SCA at the European level.

Even though everyone has been working on the implementation of SCA since the end of 2020, every additional step in the deployment of soft decline (to force SCA) negatively affects acceptance rates.

Like Market Pay, it is crucial for payment players to be well positioned in the ecosystem which allows direct interactions and coordination with all the payment market players (schemes, processors, banks…).

This migration to strong authentication requires new skills and adapted solutions to maintain the customer experience and the expected conversion rate.

Through the experience of 3DS2 and SCA migration, Market Pay gained a valuable and significant expertise and knowledge in SCA management (including exemptions), and is working on its Digital Payment Platform. This tool will allow to take advantage of a digital engine including a fraud tool, to propose dynamic payment pages with a PSP switching and a retry after soft decline.

With this tool, you will have access to a portal available in several languages allowing you to consult the status and details of transactions in real time, and to apply different actions, such as refunds or cancellations, according to the profiles, allowing you to perform your accounting reconciliation.

In addition to this new solution, Market Pay is an european acquirer with a very low fraud level and a direct link with most of the largest european banks, which gives a unique ability to optimise SCA and customer experience in ecommerce.

As you can see, at Market Pay we work daily to support our customers and partners on this subject, in order to secure their revenues.

Because we are born in retail to drive payment.

    • Legal notice
    • Privacy policy
    • Cookies
    • Legal notice
    • Privacy policy
    • Cookies