The implementation of a key facet of Payment Services Directive 2 (PSD2) and, Strong Customer Authentication (SCA), was recently deferred to 31 March 2021 – this time due to COVID-19. So, what’s this really all about?
PSD2 has been around since 2015 and was due to come into effect on 14th September 2019. SCA was one of the key provisions, ostensibly to make payments safer and more secure and so reduce the risk of online financial crime and fraud.
The mechanism involved is extending the use of 3D secure – the verification pop-up we have become used to seeing occasionally, usually with high value items or web sites we have not previously bought from – to all on-line transactions.
Privacy policy: please accept to order…
There are exceptions to this (e.g., low value, repeat payments), and the technology behind new versions of 3D Secure will make the process a lot less intrusive. However, this reminds me a lot of the introduction of cookie acceptance because of GDPR – consumer protection that ends up with an infuriating interruption of the website journey. Has anyone ever read a privacy policy before clicking for their pizza?
Cybercrime is undoubtedly an issue. As payments have embraced SMS and social media channels, so have the criminals. Anyone who has had to replace their card and verify card purchases after loss or compromise will think this is a good thing, even if it does take a few seconds more to check out.
Others who have been luckier to date will probably find it a nuisance. The payments industry is not particularly good at explaining itself to consumers and I would like to see a media campaign to explain why this change is happening before launch next year.
Basket barriers?
For merchants there are also issues: the early, optional version of 3D was shunned by many due to basket abandonment rates of up to 40%, despite the potential for lower payment costs. Not everyone had their inside leg measurement and hat size handy when they wanted to buy some flowers for Mother’s Day, and there were usually other sites that didn’t require this extra layer of check-out process.
Whatever the merits and de-merits it’s going to be here soon, and I am pleased to say that the technology is definitely better. That said, merchants will need to carefully review their processes around card storage, repeat payments and fraud. We have been preparing for PSD2/SCA for some time now and we are ready. If you have any questions around the process in general or specifically in relation to your current payment processes, please get in touch.