New Security Measure Could Block One-Third of Online EU Purchases, Cost Merchants More Than €100 Billion

29th September 2020
Toby McFarlane
Toby McFarlane


European merchants struggling with the coronavirus pandemic risk losing more than €100 billion in online sales next year if not given more time to prepare for a new two-factor authentication mandate intended to reduce credit and debit card fraud, according to research released today by independent payments consulting firm CMSPI.

“We have to accept the fact that 2020 has been an exceptional year,” CMSPI Head of Approvals and Fraud Toby McFarlane said. “Both merchants and card issuers have clearly been busy with the pandemic and neither have had the time to give this important new technology the attention it requires. Putting these barriers up when the industry has not been able to properly prepare is going to result in frustration for millions of consumers and lost sales for retailers at a time when they can least afford it. Payment security is one of merchants’ top priorities, but they need the time to do this right. This is particularly bad timing because store shutdowns have made retailers rely on online sales for more of their revenue than ever before.”

Beginning in January, EU banks that issue payment cards will be required to comply with the Strong Customer Authentication mandate, an EU banking regulation intended to make online payments more secure, and will begin using 3D-Secure Version 2.0, an authentication protocol developed by the major card schemes. Merchants that accept online card payments will be required to support 3DS2.

But CMSPI’s new SCA Economic Impact Assessment report says the technology “remains relatively new and unproven” and “adds significant unnecessary friction to the online commerce experience.” While banks may be satisfied that 3DS2 is compliant with SCA, “European merchants need solutions that are both compliant and consumer friendly,” the report said.

Transactions are rejected if the customer fails to provide the required two of the three steps – knowledge, inherence, or possession associated with the mandate – and the process adds between 60 seconds and two minutes to the checkout process. Testing shows 25 percent of 3DS2 transactions are abandoned by consumers, compared with single-digit numbers without the technology.

Overall, testing shows 35 percent of 3DS2 transactions fail to go through, either because they are declined, abandoned by frustrated consumers or because of technical errors. If not corrected, that would amount to €108.1 billion in lost sales based on 2019 sales volume, the report said. Ironically, that is almost 100 times the annual amount of card fraud – the problem SCA and 3DS2 are intended to solve. The number excludes transactions made with digital wallets such as Apple Pay or PayPal, which have their own SCA-compliant solutions that add significantly less friction to checkout.

Consumers often blame retailers for online delays, and large retailers with the resources to minimize delays are likely to win customers from smaller retailers that do not, the report said. Small retailers account for €69.4 billion of the sales at risk, compared with €38.7 billion for large merchants.

The deadline was set by the European Banking Authority before the outbreak of COVID-19, and only 65 percent of EU banks that issue payment cards are ready, according to the report. Most merchants are only in the testing stages, and the lack of more banks being ready makes reliable testing with those banks’ customers impossible. The United Kingdom has pushed back compliance until September 2021 because of the pandemic but EU officials have refused.

The 22-page report breaks out the impact of SCA on France, Germany, Italy, Spain, Belgium, Netherlands, Poland, Sweden, Denmark, Finland, Iceland and Norway.

To read this press release in Spanish please click here.
To read this press release in German please click here.
To read this press release in Italian please click here.

Download the full report (in English) by clicking the image below:

SCA Economic Impact Assessment – from CMSPI

For questions about the report contents, or for press enquires please email Alex Ellwood, Head of Merchant Advocacy at

You Might Also Be Interested In These...

Managing Payments is Harder than Ever: CMSPI’s Three-Pronged Performance Optimisation Guide for 2022

In this article, CMSPI looks at the three pillars that should be the focus of every merchant, for every payment method, in the year to come.   

Read More >
Fraud Strategy: 4 Challenges Every Merchant Needs to Overcome

In this blog, CMSPI has identified the four challenges to overcome and boost the performance of their fraud strategy.

Read More >
Strong Customer Authentication (SCA) – Impact Assessment – September 2021

Our analysis of September data yields an estimated European failure rate on transactions of 29% compared to 26% in August 2021.

Read More >
Strong Customer Authentication (SCA) – Impact Assessment – August 2021

Our analysis of August data yields an estimated European failure rate on transactions of 26% compared to 24% in July 2021.

Read More >
Download the full report