Strong Customer Authentication

A closer look at e-commerce fraud at the tail end of 2020 – and how SCA will influence it in 2021 


The European deadline for Strong Customer Authentication (SCA) compliance is just weeks away. We’ve been looking at the payments ecosystem in terms of implementation, and what this major new change to online payments protocol means for e-commerce merchants. 

SCA is designed to ramp up online security, and therefore reduce fraudulent transactions, providing extra protection for both consumers and companies. Despite the challenges of introducing a new protocol, arguably the hard deadline for launching it – 31 December 2020 – has come at the right time. Indeed, e-commerce fraud has jumped this year in line with rising e-commerce volumes. 

However, a significant trend to note is that in recent months, among J.P Morgan’s own merchant clients, e-commerce transaction fraud has actually been reducing. As a proportion of sales, we've seen it go down across our portfolio, and we are seeing that risk continue to decrease.

We think there are a number of factors explaining this, including SCA. The positive factors reducing e-commerce fraud appear to be:

 

3DS 2.1 implementation

There has been a real uplift in merchants installing 3DS 2.1 this year to enable SCA compliance. The 2.1 iteration (and the even more recent version, 3DS 2.2) accepts a wider range of authentication methods, including biometric and SMS data. Importantly, as mobile commerce booms, the 3DS 2.1 interface integrates far better into mobile devices than the earlier 3DS 1 solution. 3DS 2.1 also allows merchants to take advantage of the exemptions that are available for SCA – for example, for recurring payments and for transactions under €30. 

 

Boosting consumer awareness of online fraud 

There is no doubt that, with physical retail reduced this year, fraudsters have focused on e-commerce payments in 2020. Research from OpSec Security suggests 86% of consumers have been the victim of some form of identity theft, credit or debit card fraud or a data breach this year, up from 80% in 2019.

But banks, card brands and merchants have all worked hard to inform their customers of the heightened risk, likely leading to greater consumer caution and awareness when spending online as a result. 

 

Uptake of transaction risk analysis exemptions

This is a key way to exempt transactions from SCA requirements. It means that for merchants whose acquirer’s fraud rate sits below 13 basis points (bps) there’s no requirement for an SCA challenge for transactions of up to €100. If the acquirer’s fraud rate is below 6bps, that ceiling rises to €250.

Merchants with an applicable fraud rate of below 6bps can apply to join J.P. Morgan’s low fraud entity, which allows merchants to claim a transaction risk analysis exemption flag for transactions of up to €250.

 

CONCLUSION

There’s no doubt e-commerce merchants have faced an incredibly challenging year. Across Europe, different countries and different banking authorities are taking different approaches to launching SCA, so the best option for merchants is to be as prepared and consistent as possible, ideally well before the 31 December 2020 deadline. 

When fighting e-commerce fraud, we always recommend taking an informed, multi-faceted approach that targets and addresses as many risk factors as possible. Implementing all three of the above measures will work towards that. 

The launch of SCA will face challenges in 2021, and fraud undoubtedly remains a significant threat throughout the e-commerce ecosystem. But we believe we’re already witnessing a far more secure online payments environment for both e-commerce merchants and their customers. 

Contact your local J.P. Morgan representative for further advice on the best way to manage the risks, transitions and opportunities the e-commerce community is facing this year and into 2021. 

Already an Existing Customer?

Contact us if you require advice, help or support.

Existing Merchant Service Customers

If you have a technical issue or a question about your merchant account, please call your Relationship Manager directly.
Alternatively, call our merchant support team on:

For Europe: +353 1 726 2909     UK: 0845 399 1130

Further information is available at any time through your Paymentech Online account.

 

Out of Courts Complaints and Redress Procedures

  1. J.P.Morgan has in place complaint resolution procedures to settle complaints of Merchants arising from their rights and obligations under Parts 3 and 4 of the Payment Services Regulations 2018.
  2. If you have a complaint, please contact your Relationship Manager. Your complaint will be addressed in accordance with J.P.Morgan complaint policy, which we are happy to provide upon request.
  3. In the event of a complaint, a Merchant may refer the matter to the Irish Financial Services and Pensions Ombudsman (FSPO) or such relevant out-of-court complaint body or to such other competent out-of-court complaint body applicable to you in the country where you are established.
  4. Details on complainant eligibility are available on the FSPO website.

                   You can contact the FSPO at:

Irish Financial Services and Pensions Ombudsman
Lincoln House
Lincoln Place
Dublin 2
D02 VH29
Ireland
Tel: + 353 1 567 7000
Email: info@fspo.ie
Website: https://www.fspo.ie

 

Merchants domiciled in the UK

  1. From 1st January 2021, J.P.Morgan will enter into the UK's Temporary Permissions Regime (TPR).
  2. The TPR has been established by the UK regulators to allow firms such as J.P.Morgan to continue to operate in the UK following the end of the Brexit transition period.
  3. During the TPR, a UK-based merchant that is not satisfied with our response to a complaint and that qualifies as an eligible complainant may refer the matter to the UK's Financial Ombudsman Service. Details on complainant eligibility are available on the Financial Ombudsman Service website.

                   You can contact the Financial Ombudsman Service at:

Financial Ombudsman Service
Exchange Tower
London
E14 9SR
Free phone: 0800 023 4567
Email: complaint.info@financial-ombudsman.org.uk
Website: www.financial-ombudsman.org.uk