ACI Blog

What Merchants Should Do To Ensure They Don’t Miss the SCA Deadline

Just as we emerge from one of the most turbulent years most businesses have ever experienced, enforcement of strong customer authentication (SCA) under the PSD2 directive has arrived for merchants across the EU, with the U.K. set to follow in September 2021.

The changes brought through PSD2 and SCA affect every player in the payments value chain. Understandably, many merchants believe that these changes are now fully out of their hands and they are – once again – at the mercy of their acquirers when it comes to the payment authorization flows. However, this isn’t entirely the case. Here’s why:

The impact of SCA

First, a small recap – because context really matters on this issue.

SCA is designed to more accurately authenticate customers in order to reduce fraud rates. 3D Secure 2 (3DS2) is widely recognized as the right tool for meeting the authentication requirements of SCA; it uses multi-factor authentication, is suitable for all devices and avoids the same level of friction as its predecessor, the original 3D Secure.

While the liability shift for SCA transactions means that a fraud hit will usually be taken by the issuer or acquirer, if an SCA exemption is applied, whoever applied the exemption is then liable for that transaction if it does turn out to be fraud. In some circumstances, where an acquirer applies an exemption, they could pass liability back to the merchant.

Without proper attention to exemptions, SCA could have a very negative impact on merchant profitability. Not only could merchants be saddled with the cost of fraud passed across from acquirers, but the added friction from too many SCA transactions will undoubtedly lead to cart abandonment and damage customer relationships.

What can merchants do?

Issuers will focus on ensuring the cardholder checking out on a merchant website is the legitimate cardholder and not a fraudster. If they are unsure, then they will naturally ask the consumer to authenticate, which can frustrate the consumer and cause cart abandonment. Acquirers, meanwhile, are rightly focused on minimizing fraud on their platforms. For merchants, this means that leaving authentication and exemption logic to their acquirers could risk negatively impacting customer experience.

Merchants can influence the outcome of the transaction by using exemptions to minimize friction from issuer authentication requirements and potential customer insult from issuer declines.

Here’s how:

  1. Jointly agree on an exemption strategy with your acquirers, so you can push for the exemptions you want at a level of risk you are comfortable with.
  2. Check whether you are providing enough data to justify the exemption and limit the number of authentication requests.
  3. Keep a close eye on authenticated fraud rates – you may not be liable for them right now, but left unchecked, this will become a problem.
  4. Make sure you’re offering “trusted merchant” whitelisting capabilities in the checkout process, so your regular loyal customers can use a frictionless flow.
  5. Consider adopting a multi-acquiring strategy – if your primary acquirer breaches Transaction Risk Analysis (TRA), it will introduce friction in the checkout flow, which could lead to consumers abandoning orders.

Above all, it is vital to monitor fraud KPIs diligently and keep fraud rates low through comprehensive fraud screening. For transactions to be exempt from SCA, a merchant’s fraud rate must remain low enough not to pull down the overall fraud rate of the issuer or acquirer. It’s also critical to make sure that transactions outside the scope of SCA are still screened, so that you do not risk scheme fines or customer fallout through inadequate fraud prevention strategies.

In a nutshell…

Never before has the payments ecosystem been so reliant upon each participant to ensure a successful payment flow. All involved – from the consumer to the merchants, the acquirer and the issuer (and everyone in between) – need each other to keep payments flowing.

This means that merchants do have a say; they can influence the impact of SCA and keep the balance between fraud prevention and delivering a low-friction customer experience.

Ultimately, it’s customers, conversion rates and fraud liability at stake – merchants must take action to make sure control isn’t taken out of their hands.

For more detailed insight and advice on Strong Customer Authentication, visit our SCA Resource Center for Merchants

director – Merchant Fraud Product

Amanda brings more than 15 years’ experience working in fintech to her current role as product director for ACI’s Merchant Fraud solution. Since joining ACI in 2007 she has held roles across sales, strategic relationship management and product management, with a specific focus on eCommerce fraud prevention. Amanda’s specific expertise is in leveraging data to enable risk-based screening for authentication, machine learning, artificial intelligence and behavioral analytics. Amanda applies these emerging technologies to payment fraud detection and prevention strategies. She also has a particular interest in using data intelligence for aiding conversion and removing friction from payment flows, helping to create value for ACI’s customers and key stakeholders.