Exemptions from SCA

If you’re on this website you’re probably an e-commerce owner and already aware that on 14 September 2019, new requirements for authenticating online payments will be introduced in Europe as part of the second Payment Services Directive (PSD2).

Banks will decline payments that require Strong Customer Authentication (SCA) and don’t meet these criteria. You can read the original SCA requirements from the Regulatory Technical Standards or RTS here.

What does all this mean for an e-commerce owner?

The frustration is obvious for most online businesses, adding yet more friction to the checkout process is not good for any online retailer who is well aware the end result will be a drop in conversions and sales.

From September 14, 2019 all non-compliant transactions will be declined by the cardholder’s bank. Extra friction will be caused by customers’ having to double authenticate all transactions, this will create a negative impact on your existing checkout conversion rate.

Conversions will drop steeply if your payment process is causing extra friction or even worse, you won’t be able to make any sales at all if upgrades are not made to your checkout.

From this date, every time a consumer buys something online that costs over €30, simply adding their details once will no longer be enough. Instead, they’ll need to additionally confirm their identity by something they know (a PIN or password), something they have (such as a smartphone), or something they are (biometric facial features or a fingerprint).
This is known as two-factor authentication (2FA) which you may have encountered before – for example when a six-digit pin is sent to your mobile to input on a website.

Something they know, such as a PIN or Password.

Something they have, such as a smartphone.

Something they are, such as biometric facial features or a fingerprint

This is known as two-factor authentication (2FA) which you may have encountered before.

An example compliant procedure might include a combination of a password (knowledge) and smartphone (possession) with a passcode sent to the user via SMS. Another example might be a password (knowledge) and a fingerprint (inherence).
The exact rules are yet to be clarified until near the date and will be largely determined by the issuers’ bank.

 

Who does SCA affect?

Everyone. (Buyers and sellers)
1. All business owners in the UK and EU that take payments through their website.
2. All customers in the UK and EU that buy products online.

Are there exemptions?

Any online transactions under €30 is considered low value and could be exempted from SCA. However the issuers bank will request authentication if the exemption has been used five times consecutively or if the sum of exempted payments is more than €100.

So, if a customer buys a shirt online for €28, that transaction will be exempt and SCA is not required. If the same customer on the same website buys another shirt for €28 then its still exempt. But if the customer returns for the 4th time using the same card then the value has exceeded €100 and SCA will be applied.

So even if your online store only sells low-value items, you will face potential issues with returning or multiple purchase/bulk buying customers.

But there is an opportunity:

Amongst the disruption and chaos the compliance is causing, there is a great opportunity for forward-thinking companies to stay ahead of the curve and to make better payment process decisions than their competitors.

Every online store is facing the same challenge at the same time. With these tighter online rules affecting transactions.

Those who have thought and analysed their payment process and actioned seamless checkout experiences will have a big competitive advantage against those who are simply waiting for the changes to happen and go with the flow.

It’s almost inevitable that there will be drops in conversion (shopping cart abandonment), its how you adapt to these barriers providing the most frictionless experience for your customers.

Those that do get the frictionless payment process right, may enjoy better sales as customers are swayed by a better, simpler, more user-friendly, e-commerce sites.

It’s this mentality that will see some store owners flourish in the new era of compliance.

What should I do to make my e-commerce store SCA compliant and increase conversions?

Start planning now, this is not a one size fits all solution. Just like GDPR in May last year, SCA is complex and shouldn’t be left to the last minute.

The first steps are to perform a full payment flow audit of your site to discover the friction.

A Payment Flow Audit will make key recommendations and highlight what steps need to be taken and how to be fully prepared.

To request a website audit, click here

What should I do to make my store SCA compliant and frictionless?

Is your checkout/payment process fully optimised?
What can be done to improve conversions?
What's the best way to simplify your checkout?
What can be done to provide a better user experience?
Can you minimise the steps to payment?
Is your business using the most suitable payment processor?

Payment Flow Audit

    Payment flow Audit (Conversion Optimisation):

    Read our Terms and Conditions and Privacy Policy.

    [recaptcha]