PSD2 SCA and 3D Secure 2: What to expect in 2021?
This week we had the pleasure to listen and participate in several discussions at the Merchant Payments Ecosystem 2021 virtual event where we can strongly say PSD2, SCA and 3D Secure 2 (3DS2) have been, as expected, the most discussed hot topics in many panels from both merchants and payment service providers/ vendor sides. As we are now in the middle of the SCA transition journey, we have decided to write down a couple of our recommendations, for merchants and payment service providers, on what we see necessary to be done in 2021 to tackle the SCA challenge in the most convenient and frictionless way for the end-users.
National Competent Authorities PSD2 enforcement plans
For many countries within the European Economic Area (EEA), Strong Customer authentication requirements are already fully mandated, independently from transaction amount thresholds. Be sure that you stay informed and up to date, keeping an eye on the various soft-decline transition plans in 2021 fro Strong Customer Authentication.
You can take a look to the full enforcement list on our previous blog article about it.
SCA and 3D Secure 2 Performances are improving, but still much needs to be done.
We have seen that the volume of 3DS2 transactions has nearly doubled compared to the end of 2020, with the majority of merchants very closed to full PSD2 requirements compliance for specific use cases such as Merchant Initiated Transactions (MITs). Nevertheless, issuer performances have been different in January, and we have seen some technical issues which are being/ will be tackled as soon as possible by the different providers within the payment chain. Some errors are purely related to incorrect flagging on the authorization level ( Incorrect SCA exemption or exclusion flag or missing Directory Server Transaction ID) while others are related to the authentication phase ( incorrect characters, merchants sending not accurate 3DS2 fields, issuers having issues while authenticating customers in mobile app environments).
Smart logics as key for 2021 SCA success
Payment Service Providers and Vendors such as Risk Management Providers have an enormous role in offering to merchants solutions advanced features to leverage data intelligence and optimizing conversion rates within this transition phase. If the new 3DS2 data and issuers behaviour are utilized in the best way, merchants can minimize abandonment and friction caused by a non fully yet perfect 3DS2 solution.
We know that very few merchants in the market can build advanced engines fully on their own, that’s why we say: PSPs/Vendors should build SCA Smart engine products – Merchants should decide their SCA 2021 strategies based on those.
If you are a PSP/ vendor needing support with offering an advanced SCA Smart Engine solution to your merchants, let’s have a chat about it.
Is SCA Delegated Authentication a good fit for your business?
The PSD2 RTS (Regulatory Technical Standards) require transactions in the scope of the regulation to be authentication with SCA (Strong Customer Authentication). The answer from the payment industry has been upgrading the old 3DS1 protocol into a new and more advanced 3D Secure 2 (3DS2.1 & 3DS 2.2) solution focused on a way better customer experience, where issuers will authenticate their cardholder following the SCA requirements. Being the quickest solution to achieved PSD2 Compliance, this will be surely one of the most common ways to authenticate customers.
But let’s not forget that there is the possibility to move the SCA authentication step from issuers to merchants, leveraging SCA Delegated Authentication possibilities.
For some businesses, Delegated Authentication can be a very attractive solution with visible benefits in keeping the SCA authentication within the merchant ecosystem ensuring higher authentication rates and a smoother customer journey. Even though we are in the early phases with Delegated Authentication, we strongly recommend to be fully familiar with this solution and to make a decision about including it into your 2021 SCA roadmap.
If you want to learn more about delegated authentication take a look at one of our previous blog posts about it or let’s schedule a chat. This is now becoming a daily topic in our discussions with merchants and Payment Service Providers.
2021 is the “SCA year” for the payments industry, a historical milestone in setting up new security standards for the European continent. Be sure to get the best out of it turning it into a business opportunity!