Skip to main content

EU Introduces SCA To Protect Online Payments

By 9th October 2019Blog4 min read

Online customers are set to benefit from better protection when they send financial details over the internet thanks to new rules from the European Union (EU).

The organisation has introduced Strong Customer Authentication (SCA) as part of its Payment Services Directive, otherwise known as PSD2.

This works by adding another step to verify the customer’s identity when purchasing online or sending money over EUR 30 (£26.60) as a means to improve online security.

As a result of the new directive, countries within the European Economic Area (EEA) have to ask for at least two forms of authentication, either through a password or PIN, by a phone or hardware token, or using fingerprint or face recognition software.

The majority of card payments will now be conducted with respect to SCA, and all bank transfers whereby both the business and cardholder’s bank are in the EEA will require this extra verification too.

While the new legislation was introduced earlier last month (September 14th), British businesses that have not updated their ecommerce systems yet have a year and a half to do so.

Indeed, the Financial Conduct Authority (FCA) confirmed last month that online retailers, payments firms and card issuers will be given 18 months to implement the new identity and payment procedures on their websites to avoid any drop in customer satisfaction.

Jonathan Davidson, the executive director for supervision – retail and authorisations at the FCA, stated: “The FCA has been working with the industry to put in place stronger means of ensuring that anyone seeking to make payments is not a fraudster. While these measures will reduce fraud, we want to make sure that they won’t cause material disruption to consumers themselves.”

Before this deadline, however, Britain is due to leave the EU on October 31st. This could mean businesses will not need to comply with the new legislation if they are no longer part of the EEA, making it confusing for many organisations to know whether they should start making changes to their software or put it off before a clear Brexit strategy is revealed.

Michael Cocoman and Oliver Godement from Stripe suggest it could be prudent to begin making alterations irrespective of Brexit, even if Britain ends up leaving the EU without a deal at the end of next month.

They stated: “We expect SCA regulation to be enforced in the UK, regardless of the outcome of Brexit.”

Therefore, companies could consider managed IT services to help them introduce this function to their ecommerce facility. This will ensure they get the process working and tested appropriately before the 18-month deadline approaches.

Doing so will mean customer experience is not disrupted and users can enjoy the same ease and enjoyment purchasing from their websites as they did before.

This is particularly important, as some IT experts believe adding another hurdle to the online shopping experience could have a detrimental impact for retailers.

Mark Thompson, co-founder of PayKickstart, told The Next Web that SCA could deter shoppers from fulfilling all the verification steps before making a purchase, thereby causing websites to lose sales.

“Too many restrictions can hurt them in the long-run, as businesses start to struggle,” Mr Thompson predicted.

Therefore, updating IT software so the ecommerce process is as smooth and easy as possible for customers may, in fact, be even more important in the future.