ACI Worldwide Inc.

03/02/2021 | News release | Distributed by Public on 03/02/2021 23:35

Assessing the Acronyms: Without PSD2, Is 3DS for SCA Relevant for U.S. Merchants?

Assessing the Acronyms: Without PSD2, Is 3DS for SCA Relevant for U.S. Merchants?

Tuesday, March 02, 2021

Posted by Amanda MickleburghtoFraud Management, Secure eCommerce

Share this:

PSD2 has been the 'talk of the town' in European payments for the last few years-and the final piece of the puzzle, strong customer authentication (SCA), has certainly been a source of spirited conversation across the payments ecosystem.

In a previous blog we spoke to industry experts to gauge their thoughts on the impact that the SCA mandate would have on various players. With compliance now enforceable within the EU, and the U.K. deadline on the horizon for September this year, it's still too early to really see the impact that SCA has had. In some markets, there's anecdotal evidence of higher issuer declines, but there are also many issuers that aren't ready and still more that have expressed their intention to contain risk by challenging more transactions.

While it's clear there are still plenty of creases to be ironed out in Europe, these issues should also serve as a warning to other major markets. SCA under PSD2 may be specific to the EU, however its impact will be felt across global markets, particularly those where payments are dominated by cards.

Is the U.S. next?

While SCA, or indeed 3D Secure 2.0 (3DS2), is not yet mandated in the U.S., many merchants are somewhat reluctant to implement the new standard, worried that it will create a negative impact on the customer experience and therefore harm sales. Some of this concern is undoubtedly due to the experience many saw with the original 3D Secure (3DS1), evidenced by the low uptake in the U.S. The introduction of 3DS2, however, is a world away from the clunky, static-password-driven process that led to increased cart abandonment.

The big problem is that merchants that do not perform 3DS2 and SCA on transactions where it is available and supported by the card issuer are now more likely to see an increase in issuer bank declines. An even bigger issue is that while this more digitally-enabled authentication process isn't mandated it is almost certainly coming; it carries a risk-based authentication process that helps to mitigate some of the fraud levels experienced by issuers with 3DS1. Merchants in the U.S. must start to familiarize themselves with the changes and build additional development time into their respective roadmaps.

Benefits of 3DS2: What is changing

Most merchants and payment providers agree that the original 3DS1 created challenges for maximizing conversions and increased cart abondonment, but by comparison, 3DS2 is (generally) set to make the customer experience better-as long as its features are embraced.

3DS2 is designed to:

  • Improve cardholder validation and make the checkout experience easier and faster (85% faster compared to 3DS1, according to Visa)
  • Support mobile and connected devices (IoT) with a new process aimed at 'on the go' mobile transacting with SDKs available for mobile devices (iOS and Android)
  • Introduce risk-based authentication (which uses 10 times more data, including payment data, transaction history, browsing data and device ID) on which to base authentication and screen cardholder data

The introduction of these changes means that authentication can take place quickly and seamlessly behind the scenes, dynamically, using all available data fields.

Not only can implementing 3DS2 help merchants prepare for the inevitable introduction of mandated authentication processes, but getting ahead of this curve can also offer better fraud protection, a smoother customer experience and improved acceptance levels. The result is greater issuer confidence, merchant protection and more happy customers.

Want to know more about SCA? Check out ACI's industry-specific SCA Resource Center to help banks, merchants, issuers, acquirers and PSPs.