New anti-fraud regulation in Europe mandates that businesses adhere to SCA norms while processing online payments. But how does this affect you, and what should you know?
New anti-fraud regulation in Europe
E-commerce in Europe saw its biggest year ever in 2020, making over USD 425 bn. And it is getting bigger, projected to reach USD 465 bn in 2021. This is 30% higher than before the pandemic struck. Millions of shoppers, locked down indoors, flocked to shop online, many doing so for the first time. But with more shoppers going online, fraudsters have not been far behind.
Online payment fraud has been on the rise across the globe. In fact, research predicts that global losses from online payment fraud will exceed USD 206 bn over the next five years. This is expected to be driven by identity fraud. Fake identity and account takeover fraud have surged during the pandemic. This brings entire user accounts and associated payment data under threat.
But governments and businesses in Europe are fighting back.
New regulations such as PSD2 and SCA have been in force to protect consumers and businesses from online fraud. And progress has been good. A recent report from the European Banking Association says that 99% of EU merchants are now able to support SCA. And, in 2020, the UK managed to reduce card fraud losses by £46 mn. But still, a lot remains to be done.
Merchants have to make it their topmost focus to combat fraud. They have to insist on digital identity verification. They also have to adopt machine learning‑based fraud prevention tools to up their threat mitigation game.
What is 3-D Secure, and how does it fight fraud
In simple terms, 3-D Secure is a security process that protects users from online card fraud. When a user makes a payment online using a credit or debit card, 3-D Secure verifies it using two of three factors:
- Something the user knows, such as a PIN or password
- Something the user has, such as a card, token, or phone
- Something the user is, such as a fingerprint or iris scan
The payment is approved only after these details are provided by the user. This added layer of security helps to reduce fraud, while shoppers can enjoy a safer buying experience.
3-D Secure provides merchants with several benefits. First, it builds trust and fosters greater brand loyalty from customers. Second, it reduces the cost per transaction. And third, it protects merchants from fraud-related losses by shifting liability in case of fraud-related chargebacks to the bank that issues the card.
Since 31 December 2020, all online payments in Europe have to follow Strong Customer Authentication (SCA). In the UK, the same applies from 14 September 2021. This means all merchants taking payments from the EU, Norway, Iceland, and Liechtenstein (and soon the UK) have to meet SCA regulations. 3-D Secure helps merchants meet all requirements of SCA.
While 3-D Secure has proven to be a great tool in fighting fraud, its earlier versions were known to affect conversions, especially on mobile. The original version used static passwords, which made the checkout process clunky. As shoppers didn’t always remember passwords, it led to cart abandonment and lost revenue for merchants. This increased the number of pain points in the customer payment journey.
The latest version of 3-D Secure deals with all of these past issues.
What is 3-D Secure 2.2, and why do you need it
3-D Secure 2.2 is the latest version of 3-D Secure, and it is built with a greater emphasis on the customer experience.
3-D Secure 2.2 offers several user-friendly features such as biometric scan and in-app authentication. It also works with e-wallets such as Apple Pay or Google Pay, which makes the authorization process much smoother.
A clever feature of 3-D Secure 2.2 is that it allows merchants to set up recurring payments from customers. This could be a monthly subscription or a gas or utility bill payment. The merchant applies SCA to the first payment, but all subsequent payments don’t require it. The customer does not have to type in a PIN or password every time a payment is made. Instead, the merchant can execute the payment from their side, even when the customer is offline.
3-D Secure 2.2 also lets merchants pre-screen their customers and classify them as low-risk. Future payments made by these customers do not have to go through SCA. This way, these ‘whitelisted’ low-risk transactions are approved easily while high-risk transactions go through further checks. This is called Delegated authentication.
Decoupled authentication is another feature of 3-D Secure 2.2, which separates the payment from the authentication process. This allows merchants to collect payments but authenticate them later, even up to seven days later.
This type of authentication can also take place when the cardholder is offline, or in the background, for example during a telephone call. The payment would be carried out smoothly without requiring the customer to get off the call.
How can your payments partner guide you
The EU has now mandated enabling 3-D Secure. And it brings great benefits, both for shoppers and for merchants. You must speak to your payments partner to implement 3-D Secure or update your existing version. This will also ensure you remain compliant with all the latest regulations on SCA in Europe. The right payments partner will work with you closely and guide you with the right counsel to get the best out of your payments process. To know more, talk to your payments partner today.
Gowri Shankar is the IT Application Security Manager at Novalnet, with versatile knowledge in programming and system/security architecture. He has 11+ years of experience in the financial services industry, cybersecurity, and the Payment Card Industry Data Security Standard (PCI DSS). He is certified as an Advanced Payment Card Industry Security Implementer (CPISI 2.0) and as a Secure Software Lifecycle Professional (CSSLP) from (ISC)².