ACI Blog

Fraud Management for Acquiring Banks: Exceeding Expectations With SCA Exemptions Post-PSD2

Why is SCA still relevant in 2022?

Merchants in many markets experienced a decrease in footfall in physical stores across the 2021 holiday period. Although this is usually a busy shopping period in Europe, rising COVID-19 cases and new digital payment methods encouraged consumers to do more shopping online, across more channels and payment types than ever before. According to the German association of retailers (HDE), holiday sales in brick-and-mortar non-food retailers were down by 26 percent compared with 2019. This reduced footfall has been seen across Europe as consumers use their thumbs for online shopping instead.

Since December 2020, to comply with PSD2 rules, banks have had to enhance consumer protection with strong customer authentication (SCA) for online, real-time payments or eCommerce card transactions. As more consumers make the shift to eCommerce, this mandate continues to affect them at greater scale throughout Europe. With PSD3 on the way, the time is now for banks to protect customers with a modern fraud prevention solution.

While this mandate is intended to make digital payments more secure for banks and consumers, if it has not been implemented in the right way, banks risk damaging the customer experience. Some friction is needed to protect the customer from fraud, but acquiring banks need the right balance between protecting the customer and meeting growing demands for smooth digital transactions.

From meeting requirements to exceeding expectations

Adopting and implementing an exemption from SCA is often a difficult feat without the right technology, so banks often fall into the trap of passing all transactions through SCA to comply with the PSD2 regulation. This negatively impacts customer experience as it requires two-factor authentication (2FA) for online and contactless payments. With SCA, customers encounter more friction when making digital transactions, and are less likely to make payments — ultimately reducing the banks’ ability to grow market share.

The challenge for acquirers is having the right tools and making them core to the business. Although the deadline has passed for complying with PSD2 rules, it is not too late to reap the benefits of SCA exemptions.

Minimizing friction for consumers

Although all banks must implement SCA as part of their PSD2 compliance, there are some circumstances in which exemptions can apply.  With the right technology, it’s possible to judge the validity of a transaction by exploring the contextual clues around it. ACI Fraud Management provides acquiring banks with real-time decision making based around contextual data. For example, if a customer is purchasing goods online from a merchant they have used before, using the same device and IP GEO location, the chances are the transaction is legitimate. By applying these sorts of contextual insights, banks can become eligible for SCA exemptions and significantly improve the customer experience, even with the introduction of SCA.

This risk-based authentication (RBA) will provide the right and appropriate amount of security, limiting unnecessary damage to the customer experience and promoting consumer spending. This sort of solution can also be deployed without an extensive implementation, avoiding problems with long implementation times. The result for the customer is a frictionless experience, and the result for the bank is an increased market share through customer adoption of new payment methods.

Want to Learn More about SCA Exemptions? Read our latest eBook: Thriving Post-PSD2: ACI’s Five-Step Guide to Conquering SCA Compliance

Principal Fraud Strategy Consultant

Jay Floyd is a subject matter expert in Financial Crime prevention having spent the last sixteen years in fraud prevention roles primarily within fraud analytics and strategy. He spent the first eight years with Citi / Egg Bank in the United Kingdom leading their Financial Crime Systems, Analysis & Reporting department. Through ACI Worldwide and another vendor, he has utilised his experience to benefit many other major financial institutions in America, South Africa, Australia, China, Latin America, Europe and the Middle-East. He has also gained further expertise by working closely with many of these organisations giving him expert level knowledge of fraud detection systems and operations covering all aspects of Financial Crime through varying channels including Card, Account, Cheque, Merchant, Employee, Online/Mobile Banking, AML (KYC) and Application fraud.