How to ensure SCA is a Business Positive

How Merchants Can Turn SCA & PSD2 Challenges into a Business Boost

Catherine Malec

Oct 19, 2020

Payments Services Directive (PSD2) is a European directive to make payments more secure.  PSD2 includes Strong Customer Authentication (SCA), which will be enforceable within the European Economic Area (EEA) at the end of the year, and requires robust fraud prevention checks for online transactions.

The rule’s Strong Customer Authentication provision mandates that account ownership must be verified by two out of three acceptable, distinct factors:

  1. Something inherent to users, such as a facial scan or thumbprint
  2. Something they possess, like a smartphone
  3. Something they know, such as a password

Certain recurring subscriptions and all anonymous pre-paid payments are not within the directive’s scope. In addition, merchants may secure exemptions for higher-value transactions based on the issuer or acquirer’s fraud rating. The lower the fraud rating, the larger the transaction that is eligible for an exemption, although the issuer makes the final decision on whether to grant an exemption request.

Turning SCA Compliance into a Business Positive

Merchants who consider these regulations burdensome may be less likely to implement them before the deadline. This means progressive online sellers will have the opportunity to gain momentum over others, educate their customers, and find ways to preserve frictionless buying experiences while establishing themselves as an advocate for their customers’ financial security.

Companies that can demonstrate adherence to the rules while maximising legal concessions may be able to take advantage of a business boost before and after the rules become mandatory. Developing and implementing an SCA strategy quickly puts merchants in a position to integrate, test, and socialise their authentication strategies and processes with credit card issuers, acquiring banks, and payment service providers (PSP) to ensure they can exchange appropriate customer information consistently and reliably.

More importantly, eCommerce companies that reach compliance with SCA regulations may increase the number of transactions that proceed smoothly with no friction, and minimise elevated user authentication, resulting in more approved transactions, helping their banking and payment service partners maintain better fraud ratings and trim operating costs.

Partnering with Accertify

Partnering with a professional services firm with expertise in Strong Customer Authentication can aid online sellers as they navigate through this era of increased fraud threats and greater customer demand for convenient, hassle-free online shopping experiences.

Accertify offers a holistic solution that eliminates the problems that can arise from using a piecemeal assortment of bolted-on compliance and security components. Our solution provides end-to-end protection across channels and leverages our proprietary machine learning technology, so our decision engines constantly improve to stay a step ahead of the always-shifting threat environment.

Accertify’s preauthorisation package ensures each transaction is handled properly and efficiently. The platform is fully configurable and includes fraudulent transaction screening, SCA scope and exemption determination plus acquiring bank prioritisation and routing functionality.

Accertify’s preauthorisation works as a “gatekeeper” by analysing transactions prior to invoking the 3DS2 protocol.

Accertify SCA Optimisation examines each transaction request to determine one of several possible outcomes:

  1. If the transaction is out of PSD2 SCA scope, for example the issuing bank is outside the EEA, the purchase can proceed with no further scrutiny for frictionless processing.
  2. For a more significant, in-scope purchase, SCA Optimisation determines which, if any, criteria could warrant an exemption. It then analyses whether requesting the exemption conforms to the merchant’s payment strategy. The rationale for not seeking an exemption includes the risk that chargeback liability could revert to the merchant and the likelihood that the transaction is fraudulent, which could damage the acquirer’s credit score.
  3. The platform will enable merchants to prioritise acquirers into a preferred order. This ordering is managed by the merchant and may, for example, be based on processing costs. The SCA logic will check each acquirer, in sequence, to identify which has the appropriate TRA threshold for the transaction value. This is ensures the recommended acquirer field, which is passed back to the merchant, will reference their preferred acquirer for that transaction.
  4. Transactions not eligible or deemed too risky for exemption requests are subject to PSD2 SCA. Accertify’s decision engine interfaces with the industry-standard 3D Secure version 2 (3DS2) protocol to coordinate the sharing of customer, device, location, and other information between banks, PSPs, and merchants to ensure compliance. The data flow enables faster decisions based on complete information by operating in the background while the user is still shopping and has not yet reached checkout to mitigate the perceptible effects of this additional layer of security. Companies that use 3DS2 can offer customers multiple ways to authenticate their accounts, rather than using the standard one-time password.

Contact Accertify to discover how our sophisticated decision engine and Strong Customer Authentication Solution can be optimised to your eCommerce strategy and workflow.