Total payment fraud in France is expected to exceed one billion euros by 2023 !
A frightening figure, but one that makes the fight against fraud a key issue for financial institutions, merchants and end consumers alike.
To counter this, several measures have been put in place by regulators to reinforce security requirements for payment transactions, particularly digital ones.
Among these measures, since the entry into force of European directive PSD2 (Payment Services Directive number 2), strong customer authentication (SCA) has become a key requirement for guaranteeing the security of electronic transactions.
Its aim is to reduce the risk of fraud while boosting consumer confidence in online payments.
But what is SCA? How does it work? and what impact does it have on merchants?
We break it all down for you in this article, starting with the basics 😊
What is strong authentication (SCA)?
Strong Customer Authentication (SCA) is a regulatory requirement introduced by the Second Payment Services Directive (PSD2) throughout the European Union.
In concrete terms, it applies to all digital payments, including online transactions issued in particular from a merchant site, and has been implemented progressively over the last few years with :
- In 2015: the adoption of PSD2 by the European Parliament,
- In 2017: the publication of technical standards describing strong authentication processes,
- Then, on a timetable ranging from 2020 to 2022, depending on the institution and country, the obligation to implement strong authentication for players in the European Economic Area concerned.
In terms of players, it’s important to bear in mind that strong authentication affects the entire payment value chain (banks, financial institutions, payment service providers such as Slimpay & merchants).
Its aim is threefold:
- Reduce online fraud as online shopping and e-commerce continue to grow, fraud has become a real issue and as a merchant, you should already know this 😊
- Strengthen your customers’ trust through enhanced security for online transactions
- Comply with current regulations: we’ve already mentioned PSD2, which is now being implemented by all payment players.
Strong authentication is one of today’s most widely used means of reducing fraud in electronic payments, by imposing more robust identity verification during transactions via various factors, which we present to you with a concrete example!
Strong authentication: what are the three key elements?
Let’s start from the perspective of a merchant offering services or products to consumers.
Once payment has been validated by the customer, strong authentication will be required on the merchant site to comply with DSP2.
This strong authentication is based on the use of two of the following three elements to validate an online payment transaction, regardless of the digital channel used:
- Knowledge: an element known to your customers, be it a password or PIN code.
- Possession: an element in your customers’ possession, such as their cell phone, a bank card or a physical device (such as a token).
- Inherence: biometric data, such as fingerprints or facial recognition, which uniquely identifies the customer.
This multi-factor approach reduces the risk of a single piece of stolen data (such as a password) enabling fraud.
For example, even if a fraudster obtains a password, he will still need to access the phone or use fingerprints to validate the transaction, which is a guarantee of security for both your customers and yourself as a merchant.
SCA and strong authentication: what impact for your customers?
As the number of online payments increases, so does the incidence of credit card fraud, which in turn affects end-customer confidence.
Proof of this is the introduction last October of a national campaign to raise awareness of payment fraud in France, in conjunction with the French Banking Federation (FBF).
To this end, the FBF launched a study into French people’s attitudes to cybersecurity, and one of the key findings was that 9 out of 10 French people consider their banking data to be sensitive, and take the necessary precautions in the face of online scam attempts.
The introduction of strong authentication has profoundly altered online payment transactions.
Whereas payments used to require a simple entry of a card number, or even a code sent by SMS (One Time Password), the SCA now requires a double verification.
While customers may have been reluctant to accept these new validation steps when making a payment, the introduction of technology into the end-to-end process has made them more fluid, notably with the inclusion of the following technologies:
- Biometrics: whether it’s facial or fingerprint recognition, as most smartphones today are equipped with these, your consumers are now well versed,
- Push notifications sent directly to smartphones are also a fast and efficient means of validating online payments,
- Computer protocols such as 3D Secure, which enable payment validation via strong authentication without loss of your customers’ shopping baskets.
On the customer side, the introduction of strong authentication will have restored customer confidence in online payments, and contributed significantly to reducing fraud.
SCA and strong authentication: what impact on merchants?
The main impact of the introduction of strong authentication on merchants is to adapt customer journeys on payment pages, without compromising their fluidity. This is a major challenge, and one that offers great opportunities for you !
Indeed, having increased security and highlighting security on your payment paths can be a good marketing lever given the impact for your consumers, as we’ve just seen.
And satisfied customers also mean stronger loyalty 😊
In terms of innovation, the introduction of strong authentication may in previous years have called into question a number of your company’s processes, or even prompted you to modernize your payment infrastructures, but did you know that you can be supported in doing so?
In fact, to make things easier for you, going through a payment service provider (PSP) who already integrates strong authentication management processes (in addition to many other functionalities) is a good compromise, as it allows you to delegate both compliance and deployment to a player who is already approved and secure.
→ And just the thing, thanks to SlimPay, you’ll be able to effectively combat fraud while offering your consumers a simple, fluid and secure purchasing process, maximizing your processing times and revenues 😊
The benefits? you’ll be able to offer your customers a wide range of payment solutions without altering your end-points or neglecting the security of these operations, attracting new prospects and building customer loyalty.
So, what would you say to going beyond seeing the new regulations as constraints, and seeing them as real opportunities to effectively rethink your payment processes, by backing them up with the necessary security required to encourage consumer adoption?
In conclusion, the introduction of strong authentication, despite being the result of a regulatory directive, goes far beyond the implementation of simple management rules.
It represents a necessary evolution on both the merchant’s and the consumer’s side, in order to guarantee, or rather prevent, the threats posed by payment fraud.
And to do this, working with a payment service provider like Slimpay is a good way for you to surpass these regulatory obligations, while also anticipating the impact on your customers’ payment journeys.
So why not innovate by going through a PSP? 😊
