What is Strong Customer Authentication?
From 14 September 2019, new requirements called “Strong Customer Authentication” (SCA) for verifying customer-initiated online payments (like ecommerce purchases) will start to apply in Europe.
What Changes Will Be Happening?
Strong Customer Authentication is coming in as part of the second Payment Services Directive (PSD2). This is likely to still apply to the UK even with a no-deal Brexit, so it’s worth preparing for. Strong Customer Authentication involves an extra step during checkout for orders over €30, similar to the existing 3DSecure steps (i.e. Verified by Visa and Mastercard® SecureCode) you’ve probably seen while buying things online.
An estimated £671m was lost to fraud on UK payment cards in 2018, a 19% increase on the previous year, so SCA is a worthwhile change.
How Will SCA Work?
The new, stronger authentication requires the customer to verify the transaction during checkout using two of the following three methods:
- Password or PIN
- Device (phone, tablet, etc.)
- Biometrics (fingerprint or face recognition)
Banks will start declining transactions that fail authentication from the 14th of September 2019. However, the rollout of SCA has been extended for 18 months, so your particular bank may not be following this date strictly.
What Do I Need To Do?
If you have an ecommerce website then you’ll be using a payment gateway. Gateways mostly come in two flavours: on-site and off-site. Most small businesses use off-site payments to avoid liability for security issues. If you are using off-site payments, the new Strong Customer Authentication is likely to happen there, so as long as you’re running the latest version of your ecommerce software and payment gateway you should be good.
For mobile users, Apple Pay and Google Pay already use biometric data or a password to authenticate payments, so they are good options.
It’s worth testing your online payments regularly come September the 14th, just to make sure customer payments are not failing.