Customers should expect changes in the way they shop online from today, as a result of new Strong Customer Authentication (SCA) requirements, a set of rules that change how shoppers confirm their identity when making online purchases, which have been introduced to combat online fraud.
While SCA rules have applied to a small number of transactions for some time, the proportion of transactions for which SCA requirements apply has been steadily increasing since the start of this year as merchants and Payment Service Providers (PSPs) readied to meet the enforcement date, when all transactions must be SCA-compliant, the BRC reports.
Today’s deadline comes almost three years after the SCA requirements were announced in September 2019. As increasing amounts of purchases are being made digitally, it is hoped SCA will help reduce fraud and better protect customers and their money when shopping online.
Customers will now be asked to prove their identity when making a purchase, by confirming two of the following three factors: something they are, like a fingerprint or facial ID; something they know, like a passcode or password; or something they have, like a mobile phone.
In practice, this could mean customers are asked to verify a purchase via text message, receiving a passcode which they are then prompted to enter on screen. Other confirmations could include answering an automated phone call to a landline or mobile, or through an app on a smartphone.
Some types of transactions are exempt from strong customer authentication, says the BRC, meaning customers may not always be asked to complete extra security steps. These may be purchases deemed ‘low-risk’ of fraudulent activity – such as when buying low-cost items, or repeated purchases such as subscriptions.
Tom Ironside, director of business and regulation at the BRC, says: “Retailers have been working hard to prepare for the SCA requirements, ensuring online purchases are both as safe and easy as possible. The BRC and our members have worked with suppliers to ensure multiple fraud checks are performed behind the scenes and any additional friction is kept to a minimum. Customers should be reassured that buying online has never been safer.”
Barclaycard Payments, which processes £1 in every £3 spent on credit and debit cards in the UK, says that merchants risked losing out on £102m worth of sales in February, as two-factor authentication checks ramped up for online purchases ahead of the SCA regulation becoming mandatory today.
A new study by Barclaycard Payments exploring readiness for SCA demonstrates the importance of merchant compliance, as three in 10 shoppers admit to abandoning baskets at the checkout due to friction and increased steps.
The number of transactions subject to SCA checks has been gradually ramping up, leading to Barclaycard Payments seeing 43,000 transactions a day – worth £3.64m – declined at the PoS in February. From today, 100% of transactions fall into the scope of the new regulation, so merchants which remain uncompliant could see a significant fall in revenue.