Strong Customer Authentication (SCA) regulations coming into effect in Europe in mid-September 2019
“People are sleepwalking into it” said John Collison, Stripe’s co-founder and president to Tech Crunch. Does he have a good reason to worry? India experienced a 25% drop in online sales when a similar directive was rolled out. It will certainly have implications on big businesses like Amazon, but what about small online businesses like coaches and consultants?
The new Strong Customer Authentication (SCA) regulations coming into effect in Europe in mid-September 2019, is part of Payment Services Directive 2 (PSD2), a wider payments directive that started being implemented across Europe in January 2018. The idea behind it is that people buying online will be required to provide two-factor authentication – in layman’s terms, this means verifying or confirming a transaction in two different places such as entering a pin code on your phone to authenticate an online transaction.
(It’s a bit like the pin you get on your phone when you switch on Gmail’s two-factor authentication. )
The RTS outlines three types of authentication factors to prove your identity when purchasing online:
-Something you know like a password or PIN.
-Something you have/own, like as a device or a credit card.
-Something that verifies your physical presence, like a fingerprint or other biometric information like face recognition/scanning.
This can work very smoothly when it’s implemented efficiently. Especially using mobile apps. In fact, Stripe has recently made an acquisition in this direction – Touchtech Payments, a startup out of Ireland that works with banks around Strong Customer Authentication (SCA) and verification processes. They are also preparing for the changes by upgrading their APIs.
Paypal similarly has invested in Tink, the European open-banking platform – a strategic move that will help PayPal navigate PSD2. SCA technology is paving the way for biometric authentication and integration of online purchases through authentication using wearable devices.
So it is forward-looking technology that will unfortunately temporarily disrupt the status quo. To make things a little smoother there will be some exceptions.
When buying something under €30 or on a recurring billing schedule (like a membership or monthly subscription, transactions will be exempt from authentication – there will also be a whitelisting system that allows users to add merchants to a list – this will allow you to purchase from sellers you trust without the double authentication.
But for some, it may sound complicated, so some people will hold out in the beginning.
Who needs to prepare for SCA?
Businesses that are based in the European Economic Area Or/and businesses that serve customers in the EEA/EU and take payments online/accept cards or debit cards online. If you’re a coach or consultant selling online, you might experience transaction problems if you do not get informed and put the right tools into place.
How to prepare for SCA:
1. Understand how this will impact your business
2. Decide which SCA-ready product is right for your business (check out the list below)
3. Make changes before September 14, 2019, to avoid declined payments (run some tests before the effective date)
Here are some important pages to visit based on your current checkout process:
1. Paypal’s PSD2 site – https://www.paypal.com/uk/webapps/mpp/PSD2
2. Stripe: https://stripe.com/docs/strong-customer-authentication
3. Square: https://developer.squareup.com/blog/what-you-need-to-know-about-strong-customer-authentication-sca/
4. Braintree: https://www.braintreepayments.com/blog/understanding-and-preparing-for-psd2-strong-customer-authentication/
If you feel this still left you a little bewildered here’s some further reading to help you understand the basics: