Retailers must be aware of strict new anti-fraud measures to ensure online transactions run smoothly, says Judy Nguyen, vice-president of network product development and management at American Express.

  • Strong Customer Authentication (SCA) is a new European regulatory requirement (part of the second Payment Services Directive or PSD2) being introduced to reduce fraud and make electronic payments more secure where both the merchant and the cardholder are located in the European Economic Area (EEA).
  • SCA is a two-factor authentication process designed to add an extra layer of security when cardholders make an electronic payment. SCA requires cardholders to provide two independent sources of identity verification for a card issuer to approve electronic transactions.

Last year was an extraordinary year for ecommerce, with UK online sales an astonishing 50% higher in August than in February, according to the Office for National Statistics.

However, the boom in online commerce was not without its challenges as retailers sought to manage greater supply-chain pressures and the need to upscale deliveries.

In addition to this increasingly demanding environment, there are more significant changes on the horizon this year, namely the ongoing rollout of SCA – a new, central element of Europe’s revised PSD2 legislation.

In practical terms, SCA brings additional security authentications for certain ecommerce transactions, a process designed to add an extra layer of fraud protection when cardholders make an online payment.

SCA officially came into law across the EEA and UK in September 2019, but it is only from January 1, 2021, that many national regulators across the region began actively enforcing the regulation.

“If retailers don’t act soon, they risk payment providers declining transactions, which could lead to loss of revenue”

However, despite the legislation having already come into force for many, some retailers are yet to begin taking the necessary steps to integrate SCA.

If they don’t act soon, they risk payment providers declining transactions, which could ultimately lead to a loss of revenue and unnecessary friction, potentially driving customers away.

While in the UK the Financial Conduct Authority has confirmed a revised enforcement date of September 14, 2021, other countries’ regulators are requiring the industry to ramp up SCA now.

It therefore is imperative for retailers to take immediate action to be ready for SCA implementation.

The challenge for online retailers is to strike the right balance between authentication and seamlessness.

This is not simple given that the growth of new ecommerce customers has also led to a corresponding rise in payments fraud – more than £16m was lost to online shopping fraud during the first lockdown in the UK, so implementing the technology to allow for SCA has never been more important.

There are clear steps online retailers can take to implement an SCA solution that allows them to offer a secure and seamless checkout experience:

  1. Create a seamless experience using industry standards – EMV 3-D Secure (3DS) has been created as the global industry standard, enabling retailers to undertake SCA integration for all major networks, saving time and resources – both of which are a priority for many retailers in the current climate. With online transactions representing an increasingly large part of operations, it’s vital that retailers take advantage of this new, standardised technology to minimise disruption to the checkout process without compromising customer security.
  2. Data is king – Retailers should incorporate and maximise data insights to streamline the transaction process. As part of this, retailers should look to adopt technology that doesn’t require any additional input from the consumer. 3DS does just that. By providing data insights on the purchasing journey, issuers are able to model risk and, where PSD2-exempt, minimise levels of challenge rates, ensuring a smooth purchasing journey and reducing basket abandonment.
  3. Tried and trusted – While maintaining fraud protection for consumers and retailers alike, cardholders can select retailers as ‘trusted’ and be exempted from the requirements of SCA to further support a seamless customer experience.

As online retailers grapple with ongoing uncertainty, every single purchase counts. That’s why at American Express we recently launched SafeKey 2.2, a security solution that leverages the global 3DS industry standard.

With just a few months until the UK regulations come into play, online retailers should waste no time in implementing technology to ensure they are SCA-compliant.

To find out more about how SafeKey protects your business and supports a smooth online checkout experience, visit our website.

We have recently simplified the set-up process; retailers no longer have to enroll directly with American Express and can start using SafeKey as soon as they have completed technical set-up with a certified 3DS Server (MPI) Provider. Here is a list of certified 3DS Servers.

American Express Services Europe Limited is authorised and regulated by the Financial Conduct Authority. 

Judy Nguyen – American Express

Judy Nguyen is vice-president of network product development and management at American Express