PSD2: The European Payments Revolution? Part 2c: A Guide to SCA Exemptions

23rd June 2021
Contributor:
Mohammed Patel
Mohammed Patel

Strong Customer Authentication (SCA) is a mandate introduced as part of PSD2 to reduce fraud and make card transactions safer for consumers. In our previous blog post, we discussed some of the issues retailers were facing in relation to SCA and how that is fuelling some of the high rates of transaction failure we are seeing across Europe.

We continue our review of PSD2 in this blog with an overview of transactions that can be exempt from two-factor authentication as part of SCA.

Why are exemptions important?

As discussed during our first blog post on SCA, SCA introduces friction to payments. This is particularly problematic for retailers operating online where relatively small amounts of friction can lead to consumer cart or transaction abandonment resulting in huge losses in potential sales. As such, ecommerce retailers spend a lot of time and effort crafting smooth checkout experiences to avoid customer cart abandonment. Therefore, given the friction introduced, SCA regulation would naturally result in a loss in potential sales for ecommerce retailers. Fortunately, the regulation allows for transactions where SCA is either exempt or out of scope allowing certain transactions to avoid the added friction of two-factor authentication.

Exemptions

As part of the PSD2 regulation, the European Commission tasked the European Banking Authority (EBA) with preparing Regulatory Technical Standards (RTS) on security aspects of payments (See Article 98 of Directive (EU) 2015/2366; Commission Delegated Regulation (EU) 2018/389. These were published in March 2018 and provided details on instances where SCA would not be required on certain transactions. The following table provides details of the various instances where an exemption to the SCA mandate is allowed.

While these exemptions are an important step in trying to find the right balance between managing fraud and minimising transaction failure, merchants are still facing issues (as discussed in our last blog post).

Conclusion

Strong Customer Authentication was expected to introduce further friction to payments. As a result, the EBA produced Regulatory Technical Standards that included guidance on transactions that would be exempt from SCA. While the inclusion of exemptions in the regulation is welcomed, retailers are still experiencing a number of issues in relation to the usage of certain exemptions (as discussed during our previous blog post). Furthermore, even with the inclusion of these exemptions in the regulation, the proportion of transactions requiring SCA across Europe is still extremely high, leading to high levels of transaction failure.

In our next blog post, we will focus on the ban on surcharging introduced as part of the Second Payment Services Directive (PSD2).

You Might Also Be Interested In These...

Resources
08.18.2021
Strong Customer Authentication (SCA) – Impact Assessment – July 2021

Our analysis of July data yields an estimated European failure rate on transactions of 24% compared to 25% in June 2021.

Read More >
Blogs
08.04.2021
PSD2: The European Payments Revolution? Part 4b: Open Banking Adoption

This blog post, our sixth post in our PSD2 series, continues our discussion of Open Banking with a focus on analysing adoption by consumers and merchants.

Read More >
Blogs
07.22.2021
PSD2: The European Payments Revolution? Part 4a: Introduction To Open Banking

This blog post, our sixth post as part of the PSD2 series, continues our review of PSD2 with a discussion of Open Banking.

Read More >
Resources
07.22.2021
Strong Customer Authentication (SCA) – Impact Assessment – June 2021

June data illustrates significant transaction failure with the estimated European failure rate on transactions at 25% compared to 26% in May 2021.

Read More >
Read the full PSD2 blog series