21 Aug Making the most of the PSD2 delay
With just a month to go, the Financial Conduct Authority (FCA) has confirmed an 18-month delay to the implementation of the final stage of PSD2, the revised Payment Services Directive issued by the European Commission for innovation, improvement and internet payment safety.
Initially due to come into force on September 14th, the final stage includes a requirement for strong customer authentication (SCA) to be implemented across all remote ecommerce transactions of €30 or more (some transactions under €30 will also require SCA under the cumulative rule). Furthermore, SCA was due to come into force with a hard stop; that is, online payments firms were to actively prevent non-SCA transactions from going through from that date. No ifs, no buts.
Clearly, the regulator has now backtracked from that uncompromising position. Following discussions with the trade body UK Finance, as well as various financial, retail and travel groups, the FCA announced an ’18-month plan to implement SCA with the ecommerce industry of card issuers, payments firms and online retailers’. The phased approach follows, also, a June statement from the European Banking Authority (EBA), which said that many merchants risked missing the September deadline due to the complexity of the new requirements. Meanwhile Andrew Cregan, Payments Policy Advisor at the British Retail Consortium, has welcomed the plan by claiming that up to 30% of ecommerce transactions
The upshot is that businesses which were scrambling to get SCA in place by September now have an additional 18 months of breathing space. But, as we know, time moves fast in business. This cannot be taken as an excuse to put SCA on the back burner, or to stop paying attention to online payment processes.
Rather, businesses which process payments online – remembering that this covers a massive array of sectors including utilities, leisure, transport and other services, as well as the more obvious consumer-facing retailers – should take this unexpected opportunity to recheck and retest what procedures they have already implemented. Of course, if they were already lagging behind the September 14th launch date, this is even more of a boon. The extra time must not be wasted.
AN SCA primer
A quick reminder on what SCA involves. Essentially, it requires online customers to affirm their identity through at least two of three categories of verification. The first category is something they are; a biometric factor such as facial recognition, voice recognition or a fingerprint. The second category is something they have; a phone or another piece of hardware like a card reader. The third category is something they know; a traditional password, PIN or security question.
Since each of these categories of verification incorporates different strengths and weaknesses, forcing companies to use at least two shores up the security of the overall process and makes fraudulent payments far less likely.
On the other hand, requiring two verification methods rather than one also increases complexity for the company and friction for the customer – which might explain why so many organisations are still not ready.
The digital wallet advantage
A powerful option for organisations worried about these disadvantages is a digital wallet solution. The use of digital wallets is massively increasing worldwide; in China, over a third of transactions are already made using such solutions, and Worldpay has estimated that as much as 28% of all global transactions could be made this by 2022.
Digital wallets are quick, convenient and secure for consumers – and because they essentially count as one form of verification in themselves, they only require businesses accepting them to incorporate one additional form of verification rather than two. Additionally, regular payments such as those for a subscription service or paying a bill on a regular basis may be fast tracked through to an approved customer list. EWallets, then, are a great option for businesses looking to balance the demands of SCA with a customer-centric, seamless online experience.
Making the most of the PSD2 delay
PSD2 is a fantastic next step in the evolution of the ecommerce landscape. It is part of a more general shift to Open Banking, which allows authorised third parties access to customer information which previously only banks were privy to, and consequently enables businesses to innovate more in terms of the payment methods available to consumers. The opportunities for more customer-centricity, more creativity and more agility are great.
Additionally, PSD2 builds extensively on the first form of the directive in terms of consumer rights, across areas including complaints handling and surcharging, third-party access to account information and, information security. It aims to make it easier and safer for shoppers (and businesses) to use internet payment services; to deliver better consumer protection against fraud, abuse, and payment problems; to promote innovative mobile and internet payment services; and to strengthen consumer rights. These are all laudable aims, which will increase transparency across the ecommerce sector and foster greater trust between consumers and businesses.
However, the decision to delay and phase the implementation of SCA underlines that businesses are being listened to; that the implementation of PSD2 is not just about improving the customer experience, but also about improving matters for businesses. Increased payments security doesn’t just protect consumers; it protects businesses from lost revenue and damaged reputation should payments fraud be targeted at their transactions.
If you have been struggling to implement SCA, take this delay as an opportunity to ask for help. Digital wallets in particular are a smooth and straightforward way of meeting the demands of SCA whilst preserving efficient and seamless customer experiences.