Exemptions are an important part of the balancing act between protecting transactions and providing seamless customer experience. For many financial services firms that provide merchant acquiring services, this could be a key differentiator. For organizations that do not successfully implement SCA exemptions, it could negatively impact the business of their merchants and risk market share loss in the process.
It’s crucial for organizations to realize the benefits of Strong Customer Authentication (SCA) by rapidly implementing differentiated services that bring added value to acquirers and merchants. I spoke to Jay Floyd, Principal Fraud Consultant Europe at ACI Worldwide, to find out more.
RT: Tell us a little more about SCA, exemptions, and why this seems to be a difficult part of risk and fraud management?
Jay Floyd: SCA is a key element of PSD2, which introduces additional security authentication for online, Card Not Present (CNP) transactions and alternative payments over €30. In February 2017, we saw the release of the regulatory technical standards (RTS) for SCA. RTS defines the framework for the implementation of PSD2 with primary focus on SCA, and Common and Secure Connection (CSC). In short, we could say that PSD2 covers the “what” aspect of the regulation, whereas the RTS defines “how” this is to be done. PSD2 may already be here, but the EBA recently acknowledged the need for financial institutions to implement SCA in a customer-centric manner, and the time needed to do this effectively.
The EBA has therefore delegated authority to National Competent Authorities to set in-country deadlines for compliance. This does not mean that the pressure is off, but it does provide a new opportunity for acquirers and payments services providers (PSPs) that were lagging behind in meeting the original September 14 deadline. Following publication of the EBA’s Opinion, they now have a timeframe to implement SCA exemptions in a way that differentiates their business from the competition.
SCA aims to standardize practices across the EEA and reduce fraud, especially in the case of online transactions. It requires two independent sources of validation known as Two Factor Authentication (2FA) – this increased security obviously benefits banks and merchants, but if not implemented effectively, risks negatively impacting customer experience, with repercussions including cart abandonment. To mitigate this risk and at the same time improve customer experience, RTS does provide a number of exemptions to SCA, aimed at minimizing friction. These include:
- Low value payments exemption (below €30)
- Recurring payment exemption, such as subscriptions
- Trusted beneficiaries, including identified trusted merchants
- Secured corporate payments
- Transactions that real-time Transaction Risk Assessment solutions have identified to be low risk
Banks are in the business of customer experience and are accustomed to balancing this with regulatory demands. Acquirers are facing new fraud regulations, but are often too focused on the compliance piece of SCA instead of prioritizing the customer experience. There is a real opportunity to get ahead of the individual country deadlines for compliance if they act now.
RT: How can acquirers and PSPs do their part to minimize checkout friction?
JF: The checkout conversion rate is an incredibly important statistic because every abandoned shopping cart represents lost revenue for all parties in the payments value chain. And for large merchants dealing with thousands of shoppers every hour, even seemingly miniscule changes in a conversion rate can significantly affect revenue, positively or negatively. Thus, every online merchant is working to raise conversion rates as high as possible and they expect their acquirers to provide services that support this goal.
If the acceptance rate is too stringent and blocks genuine shoppers, this will inevitably lower conversion rates and cause a real loss in revenue. Fraud prevention strategies need to block fraud, but be sophisticated enough to allow genuine sales to flow through easily.
Exemptions can help to strike this balance – and they don’t need to be complex for acquirers, merchants, PSPs or any other party in the payments value chain. First, they need access to quality payment data. Then, this data needs to be organized into digestible pieces, often managed by a personalized dashboard and analyzed in real time. It’s all about gaining the ability to make real-time decisions on transaction risk and responding accordingly.
RT: What are some of the challenges faced by acquirers that need to be overcome to achieve this?
JF: All of the effort acquirers and PSPs put into gaining market share cannot be compromised by a poor strategy when it comes to SCA exemptions. The challenge is to have the right tools, build the right skills and create visibility – making it core to the business. SCA exemptions will become core the the merchant acquiring business in Europe because they directly impact the ability to grow market share.
With the right technology in place to make real-time decisions, implementing exemptions ahead of the regulatory deadline can be easy. Many see exemptions as “just another challenge to overcome,” but it is worth thinking strategically now to avoid future complexity as a result of a poor tactical decision.
ACI’s UP Payments Risk Management solution has a proven track record in managing customer attrition related to fraud prevention. This experience now benefits acquirers as as they look to achieve compliance and manage customer experience in parallel, to minimize the impact of SCA and capitalize on the opportunity created by exemptions. This creates an accelerated path to market leadership.
RT: What will be the key benefits to merchants and PSPs?
JF: Support from acquirers and PSPs to minimize potential friction and excel in customer experience. Merchants could never justify building skills and proprietary solutions in this area, so they rely on their acquirers to bring best-in-class SCA exemption management in order to guarantee they will achieve their desired conversion rates, and that friction will not negatively impact their business.
The customer experience will also be improved through the ‘right’ level of friction; customers expect to be challenged on transactions that are obviously outside of their usual purchasing behavior. They may already feel nervous about such transactions, so they are reassured when SCA is triggered at the right time.