Strong Customer Authentication: New Rules Will Trigger Profound Changes in Many Organizations [Q&A]
One of the biggest industry issues for the payments community right now is strong customer authentication (SCA) – the new regulation for card payments, including card-not-present or eCommerce payments. This is due to come into force on December 31, 2020 in the EU, and on September 14, 2021 in the U.K. ACI recently brought together industry stakeholders for a webinar entitled Competition Versus Compliance: How an SCA Exemptions Strategy Can Grow Your Business. I spoke with these stakeholders about the challenges, but also opportunities, that SCA will bring to the payments industry.
Katrin Boettger: The SCA deadlines are getting closer. What do you perceive to be the general readiness of the industry, both in Europe and in the U.K.?
Amanda Mickleburgh, Director – Fraud Management, ACI Worldwide: It is fair to say that right now there is still a large degree of unreadiness in the market. SCA is a “big beast” – in terms of legislation, compliance requirements and technical enhancements that organizations need to make. The current pandemic has made it difficult for many businesses to complete deployment and conduct enough testing in time for the deadlines, which further compounds the challenge! But we are working actively with our customers and offer them a series of tools and solutions to ready themselves, whether payment service providers (PSPs), acquirers, issuers or merchants. This addresses SCA as well as the issue of SCA exemptions.
Paul Rodgers, Chairman, Vendorcom: I agree that there is still a lot to do for all of us. The industry is very complex and diverse with an interdependent ecosystem. Looking at it in its totality, the level of preparedness is relatively low. But preparations have been stepped up by the national competent authorities across Europe, particularly in the U.K., which is really moving the agenda forward.
KB: From a merchant’s perspective, do you think everyone understands the role they now play in applying exemptions and maybe the control they have in being able to define some of those exemptions?
Johan Carlsson, Commercial Manager, IKEA: At IKEA we have two focus areas. First of all, there’s compliance, so we are working hard to upgrade to the EMV 3D Secure (3DS2) standard. Second, it is to offer a better customer journey. But by doing that, we also use the opportunity to employ 3DS2 and exchange more information, leveraging this information for improved fraud prevention. We leave all the exemptions to issuing banks at this point.
KB: From a financial backend perspective, how can value added solution (VAS) providers support merchants with exemption strategies?
Ralf Hornberger, Global Strategic Partnerships, Arvato Financial Solutions: Our merchants show a high level of creativity right now. What we are seeing is that many are offering deferred payments, for example, especially larger ones, so the customer does not have to actually pay during checkout. They offer “buy now, pay later” options, but also ask people to do bank transfers. Obviously, these are all strategies to circumvent the new rules, to deal with the new situation and keep their businesses running.
KB: Michael, maybe you can offer us an overall picture of the level of readiness as perceived by the Mastercard network, given that you have the luxury of seeing the whole picture end to end?
Michael Sass, Vice President – Product Management, Mastercard: There is some good news and some bad news that really requires us to focus on specific segments of the market. The good news, we are seeing that roughly 80 percent of the issued cards are ready for 3DS2, the new authentication protocol that the whole industry is shifting towards. The other important milestone we have seen is that 3DS2 performance has massively improved over the last few months and is now actually better than 3DS1.
Merchants should now really focus on deploying EMV 3DS with gusto, because in three months 3DS is going to be a requirement as part of PSD2 and EMV 3DS works better than 3DS1.
KB: Marcus, representing the issuing banks, how do you approach SCA?
Marcus Brandel, Head of Card Fraud Prevention, Swedbank: We as an issuer will use the exemptions – all of them that are available – starting with the easy ones: lower value payments, recurring payments like parking and transportation, contactless, etc. We want to be very thorough in how we implement our exemption strategy because we really want to simplify things for acquirers, merchants and PSPs.
But we look at SCA not just as a new compliance demand. Going forward, I believe SCA is going to trigger more changes in our, and many other, organizations. If you look at how a typical issuer organization is formed today, you have the fraud departments, you have security, you have compliance, you have the reporting statistics department, and so on. The new legislation has such a crucial impact on all those different parts of the organization that today aren’t necessarily so integrated. You need to align these parts of the business and develop a sustainable strategy to secure your business as a card issuer.
Please click here to listen to the recording of the webinar. ACI has also developed an industry-specific SCA resource center to help banks, merchants, issuers, acquirers and PSPs.