In an effort to protect both consumers and merchants from e-commerce fraud, European regulators adopted Strong Customer Authentication (SCA) back in 2019. SCA went into effect on Jan 1, 2021, and Visa reported that in the first four months, levels of reported fraud have fallen by 20%. SCA includes a set of guidelines for merchants to follow to validate the identity of e-commerce shoppers as a tool to stop the use of stolen card credentials and other fraud in e-commerce transactions. Prior to SCA, merchants were reluctant to introduce any additional verification steps that might create friction in the checkout process, but the mandate through SCA ensured that all merchants stayed on a level playing field, so taking extra steps to authenticate a shopper wouldn’t turn into a competitive disadvantage.
Despite the early positive results of SCA, it would be naïve to think it is preventing fraud entirely; the effect of course is that fraudsters are looking for other points of weakness in the system, and merchants need to be on guard in areas where fraud may increase. For example, mail/telephone orders (MO/TO) are not covered by SCA and merchants may see fraud attempts increase in those channels. Another loophole is “one-leg-out” or OLO fraud, where the fraudster uses stolen credentials of a card issued outside of the EU and therefore not subject to SCA rules. Lastly, consumers should be on the alert for increased phishing attacks as fraudsters attempt to get additional personal details that will let them navigate through SCA checks with stolen credentials. Mari-anne Bayliss, Senior Director at Cybersource, provides additional strategies and tools available to merchants to help continue to strengthen their ecommerce checkout processes against fraud.
Overview by Don Apgar, Director, Merchant Services Advisory Practice at Mercator Advisory Group