Strong Customer Authentication
Strong Customer Authentication – what’s next?
The European Banking Authority (EBA) has released an opinion stating that the revised deadline for migration to SCA has been set at 31 December 2020, a 15-month extension from the original implementation date of 14 September 2019.
The focus of the EBA opinion is on ensuring a harmonised, phased approach to implementation, with a clear timeline of actions required by payment service providers (PSPs) to ensure full compliance throughout the payments ecosystem well in advance of the deadline.
It is now vital that merchants maintain their focus on integrating 3D Secure to their purchase flows, making the best use of the additional time to pilot, test and introduce SCA incrementally.
What should merchants do to prepare for the revised deadline?
1. Plan your phased rollout of 3DS 2.1 – 2.2 now
There had been a perception that 3DS 1 was a challenging user experience1 , as it introduced a significant degree of friction into the flow, requiring users to navigate away to a third-party site in order to complete the authentication.
3DS 2.1 offers a much more user-friendly experience with the authentication challenge embedded in the purchase flow. By integrating version 2.1 now, it will be a much smaller lift for merchants to integrate 3DS 2.2 once it is available.
Critically, 3DS 2.2 offers merchants the opportunities to avail of exemptions to SCA such as those available for low-value and recurring transactions.
2. Work on reducing your fraud rates
There are clear rules regarding the challenging of payments under PSD2. Transactions valued under €30 will not need to be challenged. For transactions above €30, a new procedure kicks in, one that depends on the reference fraud rates of the acquiring bank and the issuer – not the merchant.
Under PSD2, if your acquirer’s fraud rate is below 13 basis points (bps) there’s no requirement for a challenge for transactions of up to €100. But if the fraud rate is below 6bps that ceiling rises to €250.
Merchants with an applicable fraud rate of below 6bps can apply to join J.P. Morgan’s discrete low fraud entity which allows merchants to claim a Transaction Risk Analysis exemption flag for transactions of up to €250.
3. Check that your gateway, acquirer and other third party technology partners are 3DS-ready.
The power of SCA to increase approval rates and reduce fraud depends very much on the whole e-commerce ecosystem working together. Merchants should use this extension to the SCA deadline to understand: what are their partners’ plans for the rollout of 3DS? And how will that impact their own development roadmap?
Greater clarity around how SCA will work in practice
“From our European HQ in Dublin our on-the-ground SCA advisory team has been working closely with our merchants for the past 18 months, helping them navigate the complexity of achieving that balance between security and the need for convenience and speed in online payments,” says Brian Gaynor, Executive Director, Head of Product and Strategy at J.P. Morgan Merchant Services in Europe.
“Previously there has been a lack of clarity throughout the e-commerce payments industry around what SCA will mean in practice and the steps needed for each member of the ecosystem to become fully SCA-ready,” he continued.
“The EBA has provided a clear timeline of milestones that issuers and acquirers must achieve well in advance of the new December deadline. We will be working closely with clients and across the ecosystem to ensure those milestones are met.”
Focus on building a plan of implementation, testing and iterative releases
According to Gaynor, “Now the technology is available, merchants can focus on building a phased plan of implementation, A/B testing and iterative releases in order to ensure that the introduction of SCA causes minimal disruption to their purchase flows.”
J.P. Morgan is SCA-ready
3DS 2.1 is available today via J.P. Morgan to authenticate your transactions, with version 2.2 anticipated for 2020. Our solution helps you to retain full ownership of the consumer experience while benefiting from the flexibility to adapt to local market conditions.
We will continue to work closely with our European merchants to ensure they migrate to authentication approaches that are compliant with SCA.
As part of our enhanced advisory offering we monitor authorisation and fraud rates for all our merchants, and proactively advise them of any potential issues as well as help them put solutions in place.
Contact your J.P. Morgan representative or call our merchant support team on:
Europe: +353 1 726 2909
UK: +44 845 399 1130