On 14 September, Strong Customer Authentication (SCA) will come into effect as part of the EU Payment Services Directive (PSD2). Fortunately for UK retailers, the Financial Conduct Authority (FCA) has announced an 18-month phased implementation plan for SCA – a move welcomed by the UK retail industry as many retailers were not going to be ready. Around the EU, a reported 40% of merchants claim they will be ready for the deadline – leaving the remaining 60% completely unprepared. Not only are UK retailers now able to benefit from the extension, but retailers with an iOS and/or Android app have the opportunity to make quick moves towards complying with SCA through Apple Pay and Google Pay.
With so many retailers not prepared for the policy change it is believed that a quarter of online transactions would be declined. The deadline extension will come as a huge relief and save the UK ecommerce industry vast amounts of revenue. At the end of the 18-month period, the FCA expects all UK firms to have made the necessary changes and undertaken the required testing to apply SCA. Meanwhile, the FCA will continue to monitor the readiness of UK banks and PSPs to meet the SCA expectations – providing alternative means of authentication where needed.
It does not mean, however, that retailers can procrastinate making changes to their payment processes. European Economic Area (EEA) countries outside of the UK will still be held to the 14 September deadline. Meaning, transactions in those countries must comply with the SCA policy. As a result, UK retailers selling to customers with banks outside of the UK may see these transactions declined, unless they have prepared with an SCA-compliant Payment Service Provider (PSP).
The PSD2 policy requires retailers to have the payer authenticated by its PSP by two factors for all online payments conducted within the EEA – a project that will take effort and time. According to Stripe, the leader in online payments, transactions that do not follow the new authentication guidelines may be declined by the customers’ banks. While this is great news for avoiding fraudulent payments, retailers who do not make changes to their payment processes by the new deadline could risk losing significant amounts of revenue. Fortunately, retailers already with an iOS and/or Android app will be able to minimise the effort and time for complying with the new policy through the implementation of Apple Pay and Google Pay.
Both Apple Pay and Google Pay already utilise two factor authentication, using password, fingerprint, or face scanning technology to authenticate the customer when making a purchase. Additionally, Apple Pay and Google Pay are trusted payment systems. In 2018, Google Pay serviced 11.1 million users and Apple predicts 10 billion transactions through Apple Pay by the end of 2019. With an iOS and Android app, your app commerce channels will not only swiftly comply with SCA but also provide your customers with a familiar and smooth user experience.
Poq worked closely with Apple to allow for the Apple Pay feature to be implemented on web checkout. As a result, retailers with both native and web checkout can benefit from Apple Pay’s inherent safety capabilities. With Apple Pay live in 35 countries you can be sure you will be able to meet SCA regulation in most if not all of the EEA nations with an iOS app. You can learn more about the hard work Poq’s product team conducted in one of our earlier blogs, “Communication is key: App payment made easier”.
However, retailers must ensure they still implement 3D Secure 2 with compliant Payment Service Provider for web and for app transactions. Some users will want to use payment methods outside of mobile wallets and missing out on their transactions will be costly. Fortunately, Stripe has put in place a reliable process to prepare for SCA in the next coming weeks:
Watch Stripe SCA experts, Jackie Karmel and Adam Davies explain how similar regulation has had an impact in other countries and how best to prepare your business for the change in checkout procedure.
Your business will be required to comply with the new regulation if your retail business is based in the European Economic Area (EEA) or serves customers in the EEA. Once recognising that your business must comply you will need to implement SCA-ready technology. Fortunately, Stripe’s new Checkout and payment APIs provide its clients with ready-to-go technology – making them SCA ready in no time. To learn more about which of their products may suit you check out their SCA Migration Guide.
Ensuring your ecommerce channels are ready by March 2021 will prevent declined payments, maintain revenue growth, and make you an industry winner. However, as mentioned, many EEA retailers will need to remain on the trajectory towards being ready on the 14 September. To remain up to date with SCA news and timeline updates, be sure to check out Stripe’s SCA enforcement support page.
Fortunately, with an app you can be ready to comply with the SCA regulation with the simple implementation of Apple Pay and Google Pay, although payments accepted via other payment methods may be declined without 3D Secure 2.