Strong Customer Authentication: New Rules Will Trigger Profound Changes in Many Organizations [Q&A]
One of the biggest industry issues for the payments community right now is strong customer authentication (SCA) – the new regulation for card payments, including card-not-present or eCommerce payments. This is due to come into force on December 31, 2020 in the EU, and on September 14, 2021 in the U.K. ACI recently brought together industry stakeholders for a webinar entitled Competition Versus Compliance: How an SCA Exemptions Strategy Can Grow Your Business. I spoke with these stakeholders about the challenges, but also opportunities, that SCA will bring to the payments industry.
Katrin Boettger: The SCA deadlines are getting closer. What do you perceive to be the general readiness of the industry, both in Europe and in the U.K.?
Amanda Mickleburgh, Director – Fraud Management, ACI Worldwide: It is fair to say that right now there is still a large degree of unreadiness in the market. SCA is a “big beast” – in terms of legislation, compliance requirements and technical enhancements that organizations need to be make. The current pandemic has made it difficult for many businesses to complete deployment and conduct enough testing in time for the deadlines, which further compounds the challenge! But we are working actively with our customers and offer them a series of tools and solutions to ready themselves, whether payment service providers (PSPs), acquirers, issuers or merchants. This addresses SCA as well as the issue of SCA exemptions.
Paul Rodgers, Chairman, Vendorcom: I agree that there is still a lot to do for all of us. The industry is very complex and diverse with an interdependent ecosystem. Looking at it in its totality, the level of preparedness is relatively low. But preparations have been stepped up by the national competent authorities across Europe, particularly in the U.K., which is really moving the agenda forward.
KB: From a merchant’s perspective, do you think everyone understands the role they now play in applying exemptions and maybe the control they have in being able to define some of those exemptions?
Johan Carlsson, Commercial Manager, IKEA: At IKEA we have two focus areas. First of all, there’s compliance, so we are working hard to upgrade to the EMV 3D Secure (3DS2) standard. Second, is it to offer a better customer journey. But by doing that, we also use the opportunity to employ 3DS2 and exchange more information, leveraging this information for improved fraud prevention. We leave all the exemptions to issuing banks at this point.
KB: From a financial backend perspective, how can value added solution (VAS) providers support merchants with exemption strategies?
Ralf Hornberger, Global Strategic Partnerships, Arvato Financial Solutions: Our merchants show a high level of creativity right now. What we are seeing is that many are offering deferred payments, for example, especially larger ones, so the customer does not have to actually pay during checkout. They offer” buy now, pay later” options, but also ask people to do bank transfers. Obviously, these are all strategies to circumvent the new rules, to deal with the new situation and keep their businesses running.
KB: Michael, maybe you can offer us an overall picture of the level of readiness as perceived by the Mastercard network, given that you have the luxury of seeing the whole picture end to end?
Michael Sass, Vice resident – Product Management, Mastercard: There is some good news and some bad news that really requires us to focus on specific segments of the market. The good news, we are seeing that roughly 80 percent of the issued cards are ready for 3DS2, the new authentication protocol that the whole industry is shifting towards. The other important milestone we have seen is that 3DS2 performance has massively improved over the last few months and is now actually better than 3DS1.
Merchants should now really focus on deploying EMV 3DS with gusto, because in three months 3DS is going to be a requirement as part of PSD2 and EMV 3DS works better than 3DS1.
KB: Marcus, representing the issuing banks, how do you approach SCA?
Marcus Brandel, Head of Card Fraud Prevention, Swedbank: We as an issuer will use the exemptions – all of them that are available – starting with the easy ones; lower value payments, recurring payments like parking and transportation, contactless, etc. We want to be very thorough in how we implement our exemption strategy because we really want to simplify things for acquirers, merchants and PSPs.
But we look at SCA not just as a new compliance demand. Going forward, I believe SCA is going to trigger more changes in our, and many other, organizations. If you look at how a typical issuer organization is formed today, you have the fraud departments, you have security, you have compliance, you have the reporting statistics department, and so on. The new legislation has such a crucial impact on all those different parts of the organization that today aren’t necessarily so integrated. You need to align these parts of the business and develop a sustainable strategy to secure your business as a card issuer.
Please click here to listen to the recording of the webinar. ACI has also developed an industry-specific SCA resource center to help banks, merchants, issuers, acquirers and PSPs.
Related Blog Posts
Three Critical Factors for Successful Central Infrastructures in a Real-Time World
Financial institutions are now working harder than ever to modernize their payment systems and infrastructures to meet new market demands—and consumers who want immediate experiences.
Comment DXC Technology et ACI Worldwide adressent-ils les enjeux règlementaires en Europe?
En Juillet dernier, Le conseil de gouvernance de l’ECB a pris une décision importante concernant le futur des paiements en Europe. En demandant aux PSP participants au système TARGET2 de se connecter à TIPS avant Novembre 2021. Dans le même temps les ACH domestiques devront effectuer le transfert de leurs comptes techniques vers TIPS.
The Role of Regulation, Collaboration and Competition in Pushing Forward Payments Modernization
While geographic regions have taken their own approaches to payments modernization, they all face some common challenges – a principal one being adoption of real-time payments, which is central to successful payments modernization projects. I spoke to some of the top minds tackling real-time payments adoption in key markets, including the U.S., Canada and the U.K.
The Role of Southeast Asia’s Central Payments Infrastructure in the Emerging Pan-Regional Network
The benefits of a real-time, cross-border payments network in Southeast Asia are clear. As the region’s economies continue to grow, a cross-border payments network will facilitate faster cross-border commerce at a lower cost.
Central Infrastructure for Real-Time Payments: Overcoming the Final Hurdle [Mastercard Q&A]
Traditionally, Sibos has been focused on high-value cross-border payments, but – as with so much of 2020 – times are changing. High- and low-value cross-border payments are converging, and the rich-data standards that are emerging for real-time payments will further accelerate this trend. The big challenge will be, how do we deliver on the promise of end-to-end, global real-time payments?
Central Infrastructure for Real-Time Payments: Overcoming the Final Hurdle [Mastercard Q&A]
The modernization of cross-border payments has brought transparency, certainty and speed to international business. However, the long-term success of new innovations, such as SWIFT gpi and Universal Confirmations, hinge upon real-time, end-to-end, data-rich transaction flows.
From API to AI to I: Banking Tech Gets Personal
Tired feet. Running out of business cards. Countless LinkedIn connections – sound familiar? This time of the year is conference season; the annual SIBOS (SWIFT) and Money20/20 USA gatherings spanning the autumn give attendees plenty of hot topics and talking points. My American colleagues refer to this season as “the fall.” I trust this to be an observation on leaves and fruit rather than a sequitur on the state of the fintech industry. Either way, it’s a good time to harvest, to take stock and to work out what we should be doing with the apparent abundance of innovative produce.
How Do You Drive Full Value from SWIFT gpi?
As part of SWIFT and ACI Worldwide’s joint mission to accelerate adoption of SWIFT gpi, ACI’s SWIFT gpi global marketing lead Zhenya Winter spoke with Daniel Lynch, Data Analytics and Payments Innovation Lead at SWIFT, and ACI’s Global Head of Real-Time Payments, Craig Ramsey, about some of the key questions raised by attendees of our second Global Webinar: Drive Full Value from SWIFT gpi. The relevancy of these was reinforced at Sibos 2019, the SWIFT community’s annual conference, which recently took place in London.
How to Maximize the Value of Partnerships Between Fintechs and FIs
The LATAM Open Banking & Fintech Partnership, organized by Connect Global Group, was held earlier this year in Mexico City, and ACI participated as one of the forum partners driving discussions on how to maximize value from collaborative partnerships between FIs and Fintechs. We explored the invaluable benefits of open API and strategies to differentiate the offerings of FIs and Fintechs, address consumer demands, and best practices for implementation aligned to regulatory requirements.