How Strong Customer Authentication Can Support Frictionless Commerce
It’s 8.20am on Monday, 16 September, 2019. Alexandra is walking to work in Copenhagen and using her cellphone to buy a book recommended by her favourite online bookstore. While checking out, she is asked to verify her identity with a one-time passcode sent by SMS – it’s the first time she’s been asked this. She’s in a rush and doesn’t have time to key in the code. She didn’t really need the book anyway, so she abandons the transaction, gets on with her day and forgets all about it.
If Strong Customer Authentication (SCA) is implemented badly, this scene could be repeated millions of times across Europe with consumers giving up on online transactions. All the work to make online payments frictionless could be for nothing, with merchants losing sales and issuers being disintermediated as consumers start to look at alternatives such as real-time payments.
In fact – based on figures for 2018 – nearly 21 billion transactions this year could be at risk. This was not, of course, the intention when Strong Customer Authentication was first conceived: it was meant to support the aims of PSD2 to enhance consumer protection, promote innovation and improve payment security.[1]
But there is a real risk of online shopping carts being abandoned across Europe from 14 September onwards if the regulation is misinterpreted. Already issuers, acquirers and merchants across Europe have signalled they will be taking very different approaches to SCA.
Many issuers have so far taken a cautious approach, which means consumers will potentially encounter higher levels of authentication. This need not be the case, as Visa has negotiated a number of exemptions for low-risk items, making it possible to have frictionless commerce while being compliant.
These include:
- Trusted listing – cardholders can ask their issuer to add a merchant they use regularly to a trusted list, which eliminates the need for additional verification. Here’s a demonstration of how this would work in practice.[2]
- Transaction risk analysis – this balances strong security with customer convenience; merchants applying for this should have a fraud level below a certain threshold.
- Recurring transactions – for the same amount to the same payee, although the first payment will go through SCA.
- Low value remote transactions – this applies to payments up to €30, with a maximum of €100 cumulative spend or five consecutive transactions since SCA was last applied.
- Commercial transactions – payments made through dedicated payment processes and protocols are exempted.
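The low-value exemption in the list above is the one that needs per-card state, so here is an added sketch (not Visa's or any issuer's code) of the counter an issuer would keep. The class and function names are hypothetical, and it assumes a conservative reading in which both the cumulative-spend and the consecutive-count limits must hold, and both reset once SCA is applied.

```python
from dataclasses import dataclass

# Limits as stated in the article, held in euro cents to avoid float rounding.
MAX_SINGLE_CENTS = 30_00
MAX_CUMULATIVE_CENTS = 100_00
MAX_CONSECUTIVE = 5


@dataclass
class LowValueCounter:
    """Per-card state tracked since SCA was last applied (hypothetical class)."""
    cumulative_cents: int = 0
    consecutive: int = 0

    def decide(self, amount_cents: int) -> str:
        """Return 'exempt' or 'sca' for one remote payment and update state."""
        if amount_cents <= 0:
            raise ValueError("amount must be positive")
        within_single = amount_cents <= MAX_SINGLE_CENTS
        within_total = self.cumulative_cents + amount_cents <= MAX_CUMULATIVE_CENTS
        within_count = self.consecutive + 1 <= MAX_CONSECUTIVE
        # Assumption: conservative reading, both counters must stay in bounds.
        if within_single and within_total and within_count:
            self.cumulative_cents += amount_cents
            self.consecutive += 1
            return "exempt"
        # Assumption: the cardholder completes the challenge, so counters reset.
        self.cumulative_cents = 0
        self.consecutive = 0
        return "sca"


def run(amounts_cents):
    """Replay a constructed sequence of payments for a single card."""
    counter = LowValueCounter()
    return [counter.decide(a) for a in amounts_cents]


if __name__ == "__main__":
    # Constructed sample: five small payments, then a sixth.
    print(run([5_00] * 6))
    # Constructed sample: cumulative spend would cross EUR 100 on the fourth.
    print(run([30_00] * 4))
```

An issuer that is too cautious here challenges every payment; one that never resets or never counts loses the bound on unauthenticated spend that the exemption relies on.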
One concern is that, while most large merchants are prepared for the September introduction, many smaller merchants across Europe do not yet have the compliant technology in place. With a significant number of online merchants not yet prepared for SCA, there is a risk of significant declines as payments come into the issuer as unauthenticated transactions with no other information. Some issuers will take a rational risk-based approach and authorise transactions based on their own risk models – however, others will move straight to decline. The experience risks being inconsistent and confusing for consumers.
Contis, an end-to-end banking and payments solutions company that is helping organisations prepare for SCA, has seen that biometrics is the preferred form of two-factor authentication. This confirms Visa research that found, among over 10,000 cardholders, that 73% of global consumers would be comfortable using biometrics to make payments.
Jason Ollivier, Chief Disruption Officer at Contis, said: “Digital-first banks – including traditional banks that have mobile-first solutions – see biometrics as the minimum requirement. Biometrics give a strong level of security because fingerprints and faces are unique to the individual and the process is seamless for the user.
“However, ultimately it is up to the consumer to choose how they would like to be authenticated, based on their shopping habits and the devices they use. The important thing is that consumers feel reassured they are protected from fraud, that they won’t take the liability and that the payments process is as seamless as possible.”
Materials to assist with planning and implementing SCA compliance policies and solutions are available in the PSD2 section on https://www.visaonline.com.
[1] http://europa.eu/rapid/press-release_IP-18-141_en.htm
[2] https://visa.invisionapp.com/share/H8PTGCA7M6W#/screens
All brand names, logos and/or trademarks are the property of their respective owners, are used for identification purposes only, and do not necessarily imply product endorsement or affiliation with Visa.