Voice of the Industry

How is the COVID-19 pandemic impacting Strong Customer Authentication preparations in 2020?

Wednesday 17 June 2020 12:10 CET | Editor: Oana Ifrim | Voice of the industry

Colm O’Monachain, J.P. Morgan Wholesale Payments: Online merchants have seen their businesses turned upside down as they battle through a global pandemic. Nevertheless, the European payments industry is still required to bring SCA onboard in the coming year.2

The COVID-19 pandemic is shaking up business operations across the globe, on a scale we have never witnessed before. The ecommerce sector has been impacted more than most. With 48 countries implementing some form of lockdown and restricting the ability of its citizens to shop in physical locations, online merchants have seen extraordinary increases in volume. Take Europe alone: across the continent, ecommerce volumes in May 2020 are up 89%, compared with the same period in 2019 (CCInsight, May 2020. ‘Geography Latest Trends’). This means that even more consumers are becoming accustomed to multi-factor authentication as they check out online. And not only that, merchants should prepare for some online shopping habits to stick: research shows that 24% of respondents in the UK, Europe’s largest ecommerce market, suggest they will continue shopping as they do now once life returns to normal (yStats.com: Covid-19 impact on global B2C ecommerce and online payments 2020 p13 citing RetailX and InternetRetailing).

As merchants grapple with the day-to-day major operational challenges they are facing, it can be easy to forget that major legislation is coming into force this year. At the time of writing, the deadline for the implementation of Strong Customer Authentication (SCA) remains the 31 December 2020. Although the UK’s Financial Conduct Authority (FCA) has extended this date to September 2021, the European Banking Authority (EBA) has yet to announce a postponement. We look at how merchants should respond – and how they can make sure they are ready and prepared for the changes to come.   

SCA – The basics

The introduction of the EU Payments Services Directive (PSD2) in January 2018, of which SCA is a core feature, is designed to try and tamp down rising levels of ecommerce fraud across the member states. 
SCA is expected to boost online security by demanding two-step authentication of any purchase over EUR 30 in the EU. Under SCA, a person making a purchase greater than this amount must provide two methods of identification, using: 
  • Possession (something the customer owns, such as a smartphone)
  • Knowledge (something the customer knows, such as a PIN)
  • Inherence (something unique to the customer, such as a fingerprint)

A theoretical customer payment journey under SCA would look like this: the customer enters their card details on their smartphone, and to complete the payment, must tap in a PIN and must also use their fingerprint to confirm their identity. 

There are some exceptions and opt-out mechanisms – shoppers will be able to ‘whitelist’ favourite merchants to skip this process after the first transaction authentication is completed – but the standard SCA requirements will be in place for the vast majority of payments. Although viewed by some as a troublesome hoop to jump through, the introduction of two-factor security measures will ultimately benefit merchants as they should see higher approval rates and lower fraud.

Progress has been derailed

Prior to the COVID-19 crisis, the payments industry was making good progress towards implementing SCA within the timeframe. That situation has now changed dramatically. Some of the larger issuers and acquirers are in a relatively strong position because they had completed much of their development work before the pandemic. But merchants that still have to code the SCA specifications of their acquiring banks are under pressure, for a number of reasons. 

To start with, many merchants are dealing with peak volumes, and are understandably wary of making major changes to their platforms in a time of high activity. Also, some of them are pivoting their businesses to cope with the challenges of the current environment, which is sucking up a lot of development resources. Tech staff that would have been working on SCA are now being deployed in other areas. 

In a best-case scenario, it will be many months before many online merchants will be able to get back to their full operational capabilities. Making major changes in the middle of a crisis is inherently risky. Doing so in a remote-working environment, while many key staff members are furloughed, is even more challenging. 

Challenges with the testing period

With an implementation date of December 2020, the payments industry was working towards being SCA-compliant by September 2020, to be ready well ahead of the peak holiday season. As a result, regulators and other incumbents scheduled their testing windows for Q2 2020. This timetable has now been severely disrupted. Testing involves collaboration between multiple stakeholders, which is difficult to organize in the current circumstances. Unless these issues can be overcome, it is unlikely the industry can be ready in time for Autumn 2020.

Merchants should continue development work 

Although the EBA is reportedly in favour of an extension, until there is an official decision, merchants are advised to keep working towards a December 2020 migration date. J.P. Morgan is doing everything it can to support our merchants in this period. For example, we are in constant contact with Visa and Mastercard to better understand their mandate around 3DSecure 2.1 and 2.2, so we can give merchants the information they need. We are also making our development resources available to support them on the tech side, as well as our regulatory intelligence. This latter part is particularly crucial. If there is an extension to the deadline it would likely be for six months, with any new migration plan likely to ramp up in March 2021, in preparation for a summer launch. With previous extensions, the regulatory bodies in individual countries were left to organize and implement their migration plans. J.P. Morgan is helping our merchants understand the regulatory landscape in all 27 EU countries in case there is a significant variance between markets. While working towards the December deadline, we are also continuing to advocate for our merchants.. 

SCA will continue to be beneficial in the long-term

We remain of the belief that SCA will be a major positive for the payments industry in the long run. Whilst there have been fears that the extra security requirements will turn customers off a potential purchase, and lead to higher rates of cart abandonment, we do not foresee a drop-off in transactions through the 2.0 solutions. Early feedback suggests the benefits of SCA are far outweighing the initial growing pains of transitioning to the new rules. For example, we know that the Nordics were ready for SCA. The merchants we support there have told us that when they turn SCA-compliant payment processes on, they experience higher approval rates and more secure transactions. 

As a regulated acquirer, J.P. Morgan will continue to advise our merchants on the best ways to prepare for SCA migration so they can meet the current deadlines. 

About Colm O’Monacháin
Colm is Vice President Product Solutions Europe at J.P. Morgan. He is responsible for chargeback, fraud strategy and mitigation for J.P. Morgan Merchant Services. As part of the Product Solutions team, he is also a key member of the PSD2 implementation group and our resident expert on Strong Customer Authentication. With over 13 years’ experience working in the payments industry, in both issuing and acquiring, Colm’s wide range of knowledge helps merchants reduce their chargeback and fraud exposure through a consultative and analytical approach. 


About J.P. Morgan Wholesale Payments

J.P. Morgan’s Wholesale Payments combines our treasury services, trade, commercial card and merchant services capabilities to help clients pay anyone, in any currency, anywhere in the world.  We are at the forefront of payments innovation, developing cutting-edge solutions to help our clients succeed in an era of service and technology transformation.

Free Headlines in your E-mail

Every day we send out a free e-mail with the most important headlines of the last 24 hours.

Subscribe now

Keywords: Colm O’Monachain, J.P. Morgan Wholesale Payments, ecommerce, expert opinion, COVID-19, Strong Customer Authentication, payments , merchants
Categories: Banking & Fintech
Countries: World
This article is part of category

Banking & Fintech