The introduction of the European Union’s Revised Payment Services Directive (PSD2) marked a major shift in digital payments security. At the center of the regulation is Strong Customer Authentication (SCA), a requirement designed to reduce fraud while supporting broader open banking initiatives. However, merchants have long worried that additional authentication steps could increase shopping cart abandonment and create friction during checkout. To address these concerns, card networks enhanced EMV 3-D Secure and introduced delegated authentication models that allow qualified merchants to manage the authentication experience while maintaining compliance with SCA requirements. These developments are reshaping how payment security, convenience, and customer experience coexist in digital commerce.
Don’t miss another episode of Truth In Data! Click on the red bell in the lower-left of your screen to receive notifications as soon as the episode publishes.
Data for today’s episode is provided by Mercator Advisory Group’s Viewpoint – Card Networks Deploy Delegated Authentication: Everybody Wins!
A Look at PSD2 and Strong Customer Authentication
- PSD2 mandates Strong Customer Authentication (SCA), which is necessary in both payments as well as larger Open Banking initiatives
- The deadline for adherence to Strong Customer Authentication was 12/31/2020; but merchants still worry about shopping cart abandonment.
- The global card networks have updated EMV 3D Secure to address the strong customer authentication requirement, but their track record with shopping cart conversion is checkered.
- Further worrying Merchants: if each card issuing bank implements its own authentication method – cardholder confusion is likely.
- Principally, the concern is that the customer might be potentially challenged to authenticate themselves twice in one transaction.
- The EU had identified a number of exemptions for SCA including: merchants with low fraud rate criteria, cards on file after the first SCA, and white listed merchants
- The global card networks themselves built a system to manage, track, and communicate these exemptions across the entire network of participants
About The Viewpoint
With Delegated Authentication, card networks enable merchants to control the entire cardholder experience. Issuers reduce costs while consumers can use biometrics for online shopping and passwords slowly fade away.
With Delegated Authentication, qualified merchants can use their own authentication process to approve purchases or pass the cardholder’s FIDO-based credential to the network for approval.