PaymentsJournal
SUBSCRIBE
  • Analysts Coverage
  • Truth In Data
  • Podcasts
  • Videos
  • Industry Opinions
  • News
  • Resources
No Result
View All Result
PaymentsJournal
  • Analysts Coverage
  • Truth In Data
  • Podcasts
  • Videos
  • Industry Opinions
  • News
  • Resources
No Result
View All Result
PaymentsJournal
No Result
View All Result

Is Skipping SCA Really a Good Idea?

Tim Sloane by Tim Sloane
February 25, 2022
in Analysts Coverage, Authentication
0
Is Skipping SCA Really a Good Idea?

Is Skipping SCA Really a Good Idea?

0
SHARES
0
VIEWS
Share on FacebookShare on TwitterShare on LinkedIn

This article suggests that merchants take advantage of every opportunity to avoid implementing two-factor authentication of customers. While clearly there are times when asking the customer to authenticate themselves is less needed, does that mean it should be jettisoned? The only reason two-factor authentication is avoided is because in most implementations it generates friction. But SCA allows a properly secured device to be used as one factor and a behavioral biometric as a second factor. So a consumer with a smartphone in their possession when placing an order could be authenticated without any friction. However, this isn’t supported by any banks that I am aware of so the only way it could happen is if the merchant takes on delegated authorization and does it for the bank. But then I am also unaware of any delegated authorization implementation.

What we are left with is finger pointing both in the EU and the US. Merchants hate the card networks and want to make minimal investment to support them. Banks act as if this is a network and merchant issue, not theirs, even though authenticating their accountholders is critical. So here we are stuck in the middle despite the availability of great authentication solutions from suppliers:

“Of course, there is nothing stopping fraudsters from attacking transactions protected by 3D Secure alone — and they do. The security protocol does shift liability from the merchant to its bank, but if a bank is hit by fraud often enough, it will protect itself by declining more orders.

That’s SCA in simple terms but the wonder of the regulation lies in the detail. And on closer inspection of what SCA stipulates, it is clear that a robust fraud protection solution will be the bedrock of a merchant’s successful SCA strategy because:

1. Low fraud rates are required for key exemptions that allow consumers and merchants to bypass SCA.

2. SCA does not cover every transaction a merchant will process — far from it.

3. SCA deals head-on with payment fraud. It does not protect a merchant from friendly fraud or policy abuse by consumers.

4. Fraudsters are innovative and entrepreneurial. SCA may prove a barrier initially, but professional fraud rings will find an alternate path of attack.

Let’s start with exemptions, as they are the key to providing a seamless SCA experience for online customers. Exemptions allow orders to be approved without undergoing SCA based on the notion that the transaction isn’t very risky or wouldn’t be very costly if things go wrong.

Skipping SCA is a highly desirable outcome as stricter authentication measures have the potential to disrupt the customer’s online checkout experience. Featured in the latest CMSPI report into the impact of SCA in Europe, testing shows 29% percent of SCA transactions are abandoned. This could be because they are declined, because of technical errors or because the customers simply got too frustrated with the added security layers. All of this could amount to an annual loss for merchants of €90 billion combined.”

Overview by Tim Sloane, VP, Payments Innovation at Mercator Advisory Group

Tags: Authenticationbiometric authenticationfraudFraud PreventionMerchantMerchantsSCAtwo-factor authentication
0
SHARES
0
VIEWS
Share on FacebookShare on TwitterShare on LinkedIn

    Analyst Coverage, Payments Data, and News Delivered Daily

    Sign up for the PaymentsJournal Newsletter to get exclusive insight and data from Mercator Advisory Group analysts and industry professionals.

    Must Reads

    cross-border payments

    Cross-Border Payments: Fighting
    E-Commerce Fraud Using Data

    March 20, 2023
    fraud, ChatGPT-4

    How to Fight Fraud While Still Enabling a Great Online Customer Experience

    March 17, 2023
    RTP

    Financial Institutions Without an RTP Strategy Risk Being Left Behind

    March 16, 2023
    visa chargeback

    New Visa Chargeback Guidelines Will Be a Game Changer

    March 15, 2023
    liquidity management

    Liquidity Management Takes on Increasing Importance in Uncertain Economic Times

    March 14, 2023
    payments

    Key Challenges from Growing Payment Methods and Volume

    March 13, 2023
    Data Governance is a Journey, financial data

    How FIs Can Power Their Operations with a Modern Data Architecture

    March 10, 2023
    ISO 20022

    How Banks Can Realize Business Benefits and Reduce Payments Fraud With ISO 20022

    March 9, 2023

    Linkedin-in Twitter

    Advertise With Us | About Us | Terms of Use | Privacy Policy | Subscribe
    ©2023 PaymentsJournal.com

    • Analysts Coverage
    • Truth In Data
    • Podcasts
    • Videos
    Menu
    • Analysts Coverage
    • Truth In Data
    • Podcasts
    • Videos
    • Industry Opinions
    • Recent News
    • Resources
    Menu
    • Industry Opinions
    • Recent News
    • Resources
    • Analysts Coverage
    • Truth In Data
    • Podcasts
    • Industry Opinions
    • Faster Payments
    • News
    • Jobs
    • Events
    No Result
    View All Result

      Register to download the Autorek complimentary report: Payments Industry Outlook 2023: