After multiple delays from the initial 2019 deadline, the new rules mean that all non-exempt transactions in the UK must undergo a two-step verification process. Designed to reduce payment fraud, transactions must now be authenticated via two of:
- Something only the customer knows, like a PIN
- Something inherent to the customer, like their fingerprint or face ID
- Something only the customer has, such as their card or a phone
While there are exemptions for the likes of contactless transactions in-store, SCA requirements are much harder to meet in the online environment, creating concerns over lost sales as good transactions are declined and customers abandon their baskets due to additional friction at the checkout.
Sales at Risk
As part of the EU’s PSD2 regulation, most EU countries’ SCA deadlines came at the end of December 2020. By September 2021, CMSPI analysis suggests that the average failure rate for challenged* transactions still sat at a staggering 29%. Those failed transactions are rarely down to the merchant, but still placed an estimated €90bn of their sales at risk²– 40 times the value of fraudulent transactions in the SEPA region in 2018.³
Could a similar pattern emerge in the UK? To ease the transition, the Financial Conduct Authority encouraged issuing banks to begin early SCA enforcement throughout February. According to Barclays, last month alone saw £3.64 million worth of payments declined as a result.⁴
What’s Next for Merchants?
To avoid risking millions in lost sales, it is more crucial than ever that merchants implement an effective SCA strategy that takes full advantage of the exemptions, new payment methods, and issuing bank relationships at their disposal. That’s alongside analysing the multiple changes to fees associated with use of 3D Secure – a technology designed to securely facilitate online transactions – earlier this month. With merchants across Europe already paying 3x more for fraud prevention than they lose to it⁵, the UK retail sector must come prepared to ensure they are not losing good customers to the SCA process.
*Transactions that are ‘stepped up’ to require two-step authentication
- September estimates