Remember the panic around the Y2K Bug? It all seems quaint now, but there were huge concerns that computerized systems worldwide would collapse the second the dates changed to 01/01/00. None of it happened, mind you, but the fears were palpable.
It’d be an exaggeration to say that there was a similar panic around Strong Customer Authentication ahead of the original September 14, 2019 implementation date. But there was a lot of confusion – every country and regulator had different rules relating to SCA and merchants didn’t know which issuers would enforce SCA and which wouldn’t.
Merchants were also worried that general unpreparedness and the additional friction caused by SCA requirements would lead to frustrated customers abandoning their online shopping carts. Authorization and conversion rates were expected to drop and there was concern about the impact on the overall customer experience.
Thankfully, an extension was granted
In the run up to the original implementation deadline, the European Banking Authority (EBA) published advice that certain countries might be allowed to extend the original timeline. When the UK’s Financial Conduct Authority (FCA) agreed an 18-month extension to give its payments industry more time to implement SCA, a Europe-wide extension became all but guaranteed. Eventually, the EBA published an opinion putting forth a revised deadline for Strong Customer Authentication migration – 31 December 2020, 15 months after the original implementation date.
This hasn’t totally addressed the misunderstandings. Before September 2019 it was unclear whether issuers would enforce SCA readiness and it’s still unclear now. But there is now a well-defined timeline for the payment ecosystem, and there is likely to be a greater level of readiness next time around.
What did our systems tell us?
We can use this as a chance to take stock of the situation. From September 14, it appears that merchants did not increase SCA levels and issuers did not dramatically change their decline policy. Looking at our own transaction data at Credorax, we can see that transaction volumes haven’t been noticeably affected. Overall, the number of 3D Secure transactions has stayed consistent with the yearly average of 7.3% of all transactions. In Europe, the change in approval rate after September 14 was negligible. Similarly, the proportion of 3D Secure transactions only shifted by half a percentage point. Rather than the earthquake that many expected, it was more of a slight ripple.
Given that most issuers do not support 3D Secure v2.0, the main mechanism for complying with SCA requirements, this is probably a sign that there is still a little way to go for full implementation. Card schemes, for their part, have taken a supportive approach, advising partners on how best to implement SCA measures in the long-term.
What are we doing to help?
At Credorax, we are approaching this issue from a few core areas: value added services like monitoring and analytics to understand how transaction behaviors change in real-time; studying the market, engaging with schemes and issuers to discuss their approach towards SCA and how they will look to implementing these new requirements; technology like our Smart 3DS Advisor that advises merchants how to implement SCA on a transaction level – including when to apply 3DS 1.0 or 2.0 – in order to avoid conversion drops.
In the fullness of time, we expect merchants and customers will enjoy plenty of benefits from SCA: online transactions will be more secure than ever, there will be increased customer confidence in eCommerce and a decreased potential for online fraud and chargebacks for merchants. Moreover, these new regulations will encourage FinTechs to think out of the box and innovate new solutions with real benefits to their customers.
To be sure, there is a still a long way to go, but the industry has almost a year to get all the pieces of the puzzle in place. We’re unlikely to get another extension, so it’s now time to really take this seriously and put an SCA implementation road map in motion.
Contact us today to find out how Credorax can help your business manage Strong Customer Authentication requirements. Email firstname.lastname@example.org to learn more.