The Payments Association (formerly The Emerging Payments Association (EPA)), has announced the release of its new report ‘The Long and Winding Road to SCA: UK Readiness Status and Key Learnings from Europe’. The report takes the pulse of the payments industry to determine the status of Strong Customer Authentication (SCA) compliance, the learnings from Europe, the best practices to be followed and the outstanding challenges that must be overcome.
The Payments Association conducted a comprehensive research programme through in-depth interviews with representatives from international networks, issuers, acquirers, gateways, retailers, technology providers and trade associations.
SCA compliance requires the authentication of customers using multiple factors from possession, knowledge and inherence elements. It is required as part of the Payment Services Directive (PSD2), to prevent remote purchase card fraud, a problem that has grown significantly over recent years – 170% in the UK since 2011. Although SCA was originally planned to be enforced throughout the European Economic Area (which the UK remains a part of post-Brexit) in 2019, but a lack of market readiness, uncertainty over the underlying standards and the impact of covid-19 meant that the UK deadline was pushed back to January 2022.
Helped by this additional time the UK issuers, acquirers and gateways are largely ready from a compliance perspective. Large eCommerce merchants have also been busy implementing EMV 3DS technology to authenticate their customers and are expected to be ready but have been reluctant to be early adopters due to fear of cardholder confusion leading to checkout abandonment. SME merchants however remain an area of concern as many appear not to have taken the necessary actions and so are expected to see an increase in the number of declined transactions in the new year.
With this UK deadline now only three months away it is vital that all stakeholders focus their attentions on optimising the SCA payments experience, by maximising the use of exemptions, correctly flagging transactions, complying with MIT frameworks and reviewing how in-app payments are handled. The industry is planning a sprint ramp-up plan, starting on January 18, that will see an increasing number of transactions being ‘soft declined’ in escalating phases, in order to ensure all parties are ready by March 14. Heightened monitoring and rapid issue resolution will be required during this short time ramp-up period and for the initial months following enforcement.
Encouragingly, the study has found that remote purchase card fraud levels have started to decline in Europe since the start of active enforcement of SCA with issuers seeing the average value of fraud fall by 33% and the volume by 50% according to EBA data. The most popular technologies being used to achieve SCA compliance are EMV 3DS, face and finger biometrics, behavioural biometrics, mobile banking apps and digital wallets. The report also found that the most popular SCA exemption is the Transaction Risk Analysis.
Tony Craddock, Director General at The Payments Association, commented, “Although challenges remain, especially amongst SMEs, the data we have gathered is extremely encouraging. We have seen that the financial services and fintech sectors have prepared well, used the additional time wisely and are ready for the upcoming deadline.”
He added, “The early signs are that SCA is having a positive impact on European card fraud levels, and we look forward to seeing similar declines in the UK. We do though have to remain vigilant as criminals have a habit of seeking out new ways and places to attack. Financial Crime prevention is an ongoing fight.”