Innovating to maintain trust in the digital-led recovery

At the end of a year that has seen digital payments quickly become a necessity for more and more consumers, the impending enforcement of Strong Customer Authentication (SCA) for e-commerce card transactions in the European Economic Area (EEA) is timely.

The regulation aims to give shoppers greater peace of mind by creating an extra step for many online purchases that is set to reduce fraud and make payments more secure.

However, unless merchants have implemented compliant technology, thousands of transactions risk being declined when SCA is enforced for e-commerce in the EEA from 1 January 2021. This date is subject to any variations by local regulators, including the UK which currently plans to enforce from 14 September 2021.

Last month, Mark Nelsen, Senior Vice President of Europe Products and Solutions at Visa, highlighted that scores of merchants still weren’t ready for the deadline, which arguably amounts to the largest shake up of e-commerce in Europe to date.

Whilst the task to ensure thousands of merchants and issuers have the correct technology activated is huge; some companies are coming up with innovative approaches to ensure conversion rates remain high as the deadline approaches. Nuvei, a global payment technology provider that works with brands from World Duty Free to Lastminute.com, has a solution to prevent purchases failing.

“We approached it with the question: what is the minimal level of complexity in order for merchants and purchasers to have a smooth experience,” says Omri Dubovi, VP Product Management at Nuvei. “We want to optimise our solution to guarantee the best conversion.”

To understand how to give consumers the best online experience, it’s important to first understand what’s required by the regulation.

The process, which takes place once SCA is enforced for e-commerce, means consumers must now pass a number of security checks for many transactions. These fall into two of three categories; something they know, like a password; something they have in their possession, like a phone or card reader; and something they are, like a fingerprint or facial recognition usually entered via a mobile banking app.

Merchants should have 3D Secure (or the optimised version, EMV 3DS) enabled, which is one way this process can take place, or they can expect their customers’ banks to decline purchases.

Nuvei, which processed $11.5 billion transactions with merchants in the third quarter alone, plans to re-attempt transactions for secondary approval if they fail the first time. That means if a merchant or issuer isn’t ready for the latest version of the technology, EMV 3DS, it’ll route it to the old version of 3D Secure, in order to prevent failure and lost revenue.

“We are doing our best to maintain the same level on conversion,” says Dubovi. “Over the short term we may see a little pressure on the performance of some issuers and specific merchants that perhaps didn’t have time to implement EMV 3DS, but over time it will be fine.”

Noam Grinberg, VP Risk Management at Nuvei, estimates about 80% of merchants the company works with are ready for EMV 3DS. And he expects that to reach about 95% by 31 December.

“An exposure that could arise is when a merchant doesn’t have 3D Secure – and you do have some merchants,” Grinberg says. “For them everything is new. These are the merchants who are the highest priority for us.”

However, it isn’t just merchants that need to be ready. Issuers will play a crucial role in ensuring SCA doesn’t result in a negative experience for consumers and the subsequent drop-off in sales that would follow.

“We have encountered a few cases where we have proactively reached out and the issuers were very responsive,” he says. “These changes are important for the [digital payments] ecosystem, but it will be a steep learning curve. We should work together on this and we are.”

Still, Nuvei is witnessing radically different proportions of transactions moving through EMV 3DS depending on the behaviour of merchants and issuers in different locations across Europe. Nuvei’s solution to avoid significant failure of transactions after the deadline is to re-attempt transactions by determining the best route based on parameters that include currency, payment method, location, amount, date, and time of day.

The platform is completely “agnostic”, says Dubovi. That means it will adapt transaction routing in order to give it the maximum chance of success. For example, it can take care of authentication itself, or use a third party, and will choose the option most likely to get the transaction accepted by the issuing bank.

As a result, Nuvei is expecting that the end-of-year deadline will pass largely unnoticed by most of the merchants they are working with. For merchants working with a different payment gateway provider, the process to prepare for the implementation is simple: they need to contact them and request to have 3DS switched on. That might all sound like unnecessary added complexity for merchants still grappling with the effects of the pandemic, but over the long term it’ll be worth it to make the global payments system more secure, says Grinberg. Plus, it already looks likely other regions will follow Europe’s lead when it becomes clear the transition has been successful, adds Dubovi.

“I really believe that from a fraud prevention perspective, and for its potential to garner more trust in the online ecosystem, I think it’s a good idea,” Grinberg says. “It’s a very bold decision, and Europe is leading the world in this. I really believe that it can be successful and at the end of the day the rest of the world will copy it.”