We no longer support this browser. Using a supported browser will provide a better experience.

Please update your browser.

Close browser message

Strong Customer Authentication

How to Maximize the Remaining Time Before the Extended SCA Deadline


It has been an extraordinary year for e-commerce. As e-commerce web traffic now reaches a record high in 2020,1 merchants are contending with rising order volumes alongside supply and delivery issues.

With the flood of new e-commerce customers in 2020, and with bricks-and-mortar stores closed for months in 2020, payments fraud is increasing too.2 Strong Customer Authentication (SCA) is a new, key element of Europe’s revised Payment Services Directive (PSD2) legislation, designed to secure online transactions and reduce fraud.

The deadline for having SCA in place has been extended to 31 December 2020 in the EU and 14 September 2021 in the UK. After these dates, multi-factor authentication will be mandatory at checkout, typically by using 3-D Secure 2.0 (3DS2). As a reminder, this requires shoppers to provide two of three identifying factors, otherwise banks will be required to decline the transaction. Customers will need to provide:

  • Something the shopper has—such as a code from their smartphone
  • Something the shopper knows—like a password or PIN
  • Something the shopper is—something inherent to the customer, such as a fingerprint or face recognition

Ahead of the deadlines, we’re advising our clients to:

 

1. Make Sure You and Your Partners are Ready

It’s not just merchants who need to be ready for SCA; the entire European payments ecosystem has to be ready to make it work. Implementing, testing and fine-tuning your payment systems takes time, so it’s essential to contact your payment service provider now, to ensure they are also ready and able to equip your site with 3DS2 to enable multi-factor authentication.

 

2. Consider Launching Before the Deadline

A key advantage of launching SCA in advance of the 31 December deadline and across all your e-commerce channels, is that once it is in place, liability for card fraud shifts from the merchant to the card issuer. This could mean significant cost reductions for merchants. Launching prior to 31 December also means that your system is tested and ready in advance to avoid any last minute risks.  

 

3. Communicate the Changes with Your Customers

Clear messaging will pave the way for customers to accept the new interfaces and questions at checkout. Briefing customers ahead of time and building trust may lead to being assigned to consumers’ personal ‘whitelists’ later down the line. This is a feature that will allow shoppers to proceed without being subject to SCA checks for repeat transactions with a merchant that is a ‘trusted beneficiary’.

 

4. Minimize Your Fraud Rates Pre-launch to Help Qualify for SCA Exemptions

Exemptions apply to some transactions (for example, transactions under EUR30 subject to the cumulative amount of transactions since the last application of SCA not exceeding EUR 100), while merchants can also offer a more frictionless experience to customers depending on their own fraud score. For example, merchants can also apply to contract with a J.P. Morgan entity purposely established to currently facilitate merchants with a fraud rate below the regulatory six basis points threshold value to claim a transaction risk analysis exemption flag for transactions of up to EUR250.

 

CONCLUSION

Notwithstanding the extensions that have been granted, SCA is coming and will be mandatory in many EU regions within weeks. SCA implementation may viewed by some as an extra burden to deal with however we see it as an opportunity to ensure the most effective security protocols are in place and to future-proof our merchant clients.

Contact your local J.P. Morgan representative for further information on managing the risks, transitions and opportunities the e-commerce community is facing this year, and into 2021.

 

1. statista.com, October 2020. ‘Coronavirus impact on retail e-commerce website traffic worldwide as of June 2020, by average monthly visits.’ Accessed November 2020. 
2. itpro.co.uk, November 2020. ‘More than half of businesses saw rising fraud levels this year.’ Accessed November 2020. 

Already an Existing Customer?

Contact us if you require advice, help or support.

Existing Merchant Service Customers

If you have a technical issue or a question about your merchant account, please call your Relationship Manager directly.
Alternatively, call our merchant support team on:

For Europe: +353 1 726 2909     UK: 0845 399 1130

Further information is available at any time through your Paymentech Online account.

 

Out of Courts Complaints and Redress Procedures

  1. J.P.Morgan has in place complaint resolution procedures to settle complaints of Merchants arising from their rights and obligations under Parts 3 and 4 of the Payment Services Regulations 2018.
  2. If you have a complaint, please contact your Relationship Manager. Your complaint will be addressed in accordance with J.P.Morgan complaint policy, which we are happy to provide upon request.
  3. In the event of a complaint, a Merchant may refer the matter to the Irish Financial Services and Pensions Ombudsman (FSPO) or such relevant out-of-court complaint body or to such other competent out-of-court complaint body applicable to you in the country where you are established.
  4. Details on complainant eligibility are available on the FSPO website.

                   You can contact the FSPO at:

Irish Financial Services and Pensions Ombudsman
Lincoln House
Lincoln Place
Dublin 2
D02 VH29
Ireland
Tel: + 353 1 567 7000
Email: info@fspo.ie
Website: https://www.fspo.ie

 

Merchants domiciled in the UK

  1. From 1st January 2021, J.P.Morgan will enter into the UK's Temporary Permissions Regime (TPR).
  2. The TPR has been established by the UK regulators to allow firms such as J.P.Morgan to continue to operate in the UK following the end of the Brexit transition period.
  3. During the TPR, a UK-based merchant that is not satisfied with our response to a complaint and that qualifies as an eligible complainant may refer the matter to the UK's Financial Ombudsman Service. Details on complainant eligibility are available on the Financial Ombudsman Service website.

                   You can contact the Financial Ombudsman Service at:

Financial Ombudsman Service
Exchange Tower
London
E14 9SR
Free phone: 0800 023 4567
Email: complaint.info@financial-ombudsman.org.uk
Website: www.financial-ombudsman.org.uk