or wait 15 seconds
or wait 15 seconds
By Ralf Gladis, founding director, Computop
With regards to credit card payments, the possibility to transfer the Strong Customer Authentication (SCA) from the issuer to the merchant via 3DS 2.0 will become a reality with version 2.2. The card-issuing bank can be confident that the authentication performed by the merchant is valid.
Why should U.S. retailers consider this a good thing for them, particularly for mobile commerce? There are a number of reasons why they should pursue SCA and, specifically, an SCA delegation.
Even though U.S. merchants don‘t fall under PSD2 (the European Union's Second Payment Services Directive which will require SCA), there are many U.S. retailers that have European subsidiaries that do. Also, even without the necessity to comply with PSD2 being a U.S.-based merchant, it's still a good idea to have SCA for robust security purposes.
Let's explore the delegation aspect further:
First, and significantly, an SCA delegation gives merchants an advantage over the issuer banks that should not be underestimated. In most cases, they can provide the customer with a much better authentication experience.
Although the user interface for SCA in 3DS 2.0 is much more harmoniously integrated into the payment process than in 3DS 1.0, a merchant's SCA embedded in the checkout reduces the risk of abandonment substantially. This is not least due to the fact that merchants without SCA delegation would have to require cardholders to authenticate themselves twice in certain cases — the first time to log into their customer account at the merchant and the second time to initiate the payment. This becomes even more cumbersome when using a mobile device.
This additional hurdle could result in consumers turning to other payment methods for credit card payments and the credit card losing popularity or, more impactfully for merchants, to customers turning to other retailers where checkout works better. Customers desire expediency and ease, particularly when using their mobile device.
Fortunately, the major credit card schemes allow authentication to be outsourced from issuers to merchants, helping to negate the potential aforementioned hurdle. This also helps address other payment issues, as merchants' call centers wouldn't have to support dozens of different authentication methods. To be most successful, merchants should seek payment service providers that provide the necessary infrastructure to set up the SCA delegation for both smartphone and browser payments.
Important for SCA, particularly via mobile devices, are biometric authentication options, for example, via fingerprint or face recognition, according to the FIDO standard. Ideally, retailers should integrate the corresponding step at which SCA delegation takes place as early as possible in the purchasing process, for example, the moment customers log into the seller's app or their online store. Once this step has been taken, the relevant information can be sent to the issuer together with the other data points relevant for 3DS 2.0 in encrypted form to prove that the merchant has already provided compliant authentication.
This allows the merchant to avoid any type of problem that could cause a conversion loss during the payment process without SCA delegation. Finally, the integration of biometric authentication also protects customers and merchants from fraudulent activities such as identity theft and account takeover — creating a win/win for all parties involved.
Retailers should strongly consider taking on SCA if possible, as the benefits are plentiful. With merchants "owning" SCA, customers gain a more user-friendly experience without having to log in twice to complete a purchase. As a result, retailers can be more successful at driving conversions.
Cover image: iStock