The UK Financial Conduct Authority (FCA) announced in May that the deadline for SCA compliance has been pushed back to March 14th, 2022. This was due to a lack of industry readiness and long-term impacts of the Coronavirus crisis on UK merchants.
The Revised Payment Services Directive (PSD2) was initially scheduled to go into effect throughout Europe on September 1st, 2019. Then it got pushed to December 31st, 2020. The global pandemic and evident impact of the regulation on merchants led many countries to push the deadline back further. However, the latest FCA extension makes the UK the very last country to require full PSD2 compliance.
This extension is expected to be the last before full PSD2 enforcement in the UK. This makes it the last chance for UK merchants to look in-house, examine their operations and get their SCA ducks in a row.
What the Delay Means for Merchants
The FCA deadline extension is a clear win for UK merchants who have had a tough time with the pandemic. They cannot afford to lose revenue due to SCA issues.
Instead of being alarmed by the sudden drop in conversions, UK merchants should learn from their European counterparts. They have the opportunity to examine the true impact PSD2 has on conversions. They can adapt their payment processes and monitor the readiness of their payment ecosystem before SCA is enforced.
As PSD2 has gone into effect throughout much of Europe, many merchants have experienced these challenges first-hand and on their bottom-line. In France and Spain, merchants have experienced a 25% decline in conversion rates, which is better than merchants in Germany and Italy who have seen conversions decline by over 30% and 40% respectively.
The decline in conversions costs European merchants millions of Euros. While the UK payment ecosystem is more prepared for PSD2 than other countries, merchants may still see a conversion decline of 15-20% once SCA is enforced, unless they do something now.
UK merchants should recognise this extension as the opportunity it is. Retailers and brands need to familiarise themselves with the critical changes PSD2, and particularly 3DS, impose on customers’ checkout experience. This includes ensuring:
- Merchants can request exemptions.
- Understanding the difference between 3DS methods and know which one their providers are using.
- Implementing solutions to create a frictionless and compliant checkout process and protect their business from risk.
The Problem with PSD2 is 3DS
PSD2 requires Secure Customer Authentication (SCA) to be performed on all transactions, most frequently done through 3DS. This is a problem for merchants who want to increase revenue generation and create a frictionless checkout experience for customers.
In theory, 3DS is great! When 3DS is applied, liability shifts to the issuers, and the merchant can ensure they are PSD2 compliant. However, 3DS also creates many challenges for merchants.
One of the most significant problems with 3DS is the friction that it causes consumers. By adding additional touchpoints to the checkout process, cart abandonment and human error rises. In addition to challenges on the consumer side, 3DS brings about many challenges from the payment ecosystem side.
The 3DS process requires the entire payment ecosystem to be 3DS ready, or transactions will not be processed. Many failure points can occur during 3DS, including technical failure, authentication failure, and more. 3DS also increases the risk of a transaction being falsely declined due to the risk-aversion of banks to assume liability for ‘borderline’ transactions. Legitimate transactions that are denied result in lost revenue as well as damage a brand’s reputation.
What Other Merchants Wish They Knew
A dramatic lesson European merchants have learned post-PSD2 enforcement is the need to do everything possible to provide consumers with a frictionless checkout experience.
The best way to do that is by leveraging exemptions to their advantage.
Under PSD2, merchants can apply for SCA exemption for eligible transactions such as low-risk exemptions, low-value exemptions, recurring payments and more. However, to know if a transaction is exemption eligible and go through the steps of requesting the exemption requires having an exemption engine in place. Merchants should be careful to only request exemptions from acquirers that have agreed to process exemptions from them. Or they will risk the transaction being declined.
While exemptions can reduce the friction on consumers, when a transaction is processed without 3DS, the bank does not assume liability. This leaves the merchant responsible in the event of fraud. To protect their business while maximising exemption requests, merchants need an effective fraud prevention partner. This is especially crucial as fraud rates are increasing globally. As a result, merchants that want to process transactions without SCA will be liable for any chargebacks.
However, relying on exemptions does not guarantee frictionless checkout. Some transactions still do not meet the exemption requirements. Other transactions may be declined by the issuer even if they are exemption eligible. When this happens, merchants need to have an alternative solution – namely, Dynamic 3DS.
Dynamic 3DS uses real-time information and behavioural analytics to provide consumers with a 3DS experience that is as frictionless as possible. The Forter Dynamic 3DS solution coupled with the covered model enables merchants to enjoy the same liability and higher conversion rates. In just five months, Forter has increased approval ratios for global merchants, increasing conversions to close to their pre-PSD2 levels.
UK merchants that want to provide customers with a frictionless checkout experience need to do the following:
- Check their payment optimisation partner can request exemptions on their behalf.
- Test the payment partners are able to process exemptions.
- Ensure they can provide alternative checkout experiences to customers when the transactions are not eligible for an exemption.
SCA is Not a Drill
The SCA threat has loomed over the heads of UK merchants for so long that they no longer fear it. From my experience in the payment industry, I can firmly say that this delay is just that – a delay.
Despite taking longer than expected, SCA enforcement will still reach UK shores. When this happens, the merchants that did not use the time to plan, prepare and test their PSD2 solution will suffer the consequences.
It is important to note that when SCA enforcement goes into effect in the UK, it is possible that 3DS2.2 will already be released. This will create even more opportunities for merchants to reduce the impact of PSD2 on their operations. Hopefully, it will ensure their revenue generation and profitability stays high. Merchants that still use 3DS1 or are not prepared to use 3DS2.2 will not be able to support exemptions at a large scale. Nor will they be able to leverage delegated authentication to their advantage.
To ensure they are ready for PSD2, UK merchants need to examine their solution today. This involves their PSP’s, issuers, and the entire ecosystem in the process. Merchants need to pay close attention to their monitoring capabilities. They have to understand exactly what is being counted to ensure they get a full overview of the state of their operations, before and after SCA enforcement.
While the SCA enforcement date may seem far away, adapting the entire payment process may require significant changes on the merchant’s side. UK merchants should start early, examining their PSD2 solution, partnering with the right payment optimisation solution, and learning from the mistakes Europe. UK merchants will then be in a good position to continue generating revenues and profit while being fully PSD2 compliant.
Forter is the leader in e-commerce fraud prevention, processing over $200 billion in online commerce transactions and protecting over 750 million consumers globally from credit card fraud, account takeover, identity theft, and more. The company’s identity-based fraud prevention solution detects fraudulent activity in real-time, throughout all online consumer experiences.
Forter’s integrated fraud prevention platform is powered by its rapidly growing Global Merchant Network, underpinned by predictive fraud research and modeling, and the ability for customers to tailor the platform for their specific needs. As a result, Forter is trusted by Fortune 500 companies to deliver exceptional accuracy, a smoother user experience, and elevated sales at a much lower cost.