Colm O’Monachain, J.P. Morgan Wholesale Payments: Online merchants have seen their businesses turned upside down as they battle through a global pandemic. Nevertheless, the European payments industry is still required to bring SCA onboard in the coming year.2
As merchants grapple with the day-to-day major operational challenges they are facing, it can be easy to forget that major legislation is coming into force this year. At the time of writing, the deadline for the implementation of Strong Customer Authentication (SCA) remains the 31 December 2020. Although the UK’s Financial Conduct Authority (FCA) has extended this date to September 2021, the European Banking Authority (EBA) has yet to announce a postponement. We look at how merchants should respond – and how they can make sure they are ready and prepared for the changes to come.
SCA – The basics
A theoretical customer payment journey under SCA would look like this: the customer enters their card details on their smartphone, and to complete the payment, must tap in a PIN and must also use their fingerprint to confirm their identity.
There are some exceptions and opt-out mechanisms – shoppers will be able to ‘whitelist’ favourite merchants to skip this process after the first transaction authentication is completed – but the standard SCA requirements will be in place for the vast majority of payments. Although viewed by some as a troublesome hoop to jump through, the introduction of two-factor security measures will ultimately benefit merchants as they should see higher approval rates and lower fraud.
Progress has been derailed
Prior to the COVID-19 crisis, the payments industry was making good progress towards implementing SCA within the timeframe. That situation has now changed dramatically. Some of the larger issuers and acquirers are in a relatively strong position because they had completed much of their development work before the pandemic. But merchants that still have to code the SCA specifications of their acquiring banks are under pressure, for a number of reasons.
To start with, many merchants are dealing with peak volumes, and are understandably wary of making major changes to their platforms in a time of high activity. Also, some of them are pivoting their businesses to cope with the challenges of the current environment, which is sucking up a lot of development resources. Tech staff that would have been working on SCA are now being deployed in other areas.
In a best-case scenario, it will be many months before many online merchants will be able to get back to their full operational capabilities. Making major changes in the middle of a crisis is inherently risky. Doing so in a remote-working environment, while many key staff members are furloughed, is even more challenging.
Challenges with the testing period
With an implementation date of December 2020, the payments industry was working towards being SCA-compliant by September 2020, to be ready well ahead of the peak holiday season. As a result, regulators and other incumbents scheduled their testing windows for Q2 2020. This timetable has now been severely disrupted. Testing involves collaboration between multiple stakeholders, which is difficult to organize in the current circumstances. Unless these issues can be overcome, it is unlikely the industry can be ready in time for Autumn 2020.
Merchants should continue development work
Although the EBA is reportedly in favour of an extension, until there is an official decision, merchants are advised to keep working towards a December 2020 migration date. J.P. Morgan is doing everything it can to support our merchants in this period. For example, we are in constant contact with Visa and Mastercard to better understand their mandate around 3DSecure 2.1 and 2.2, so we can give merchants the information they need. We are also making our development resources available to support them on the tech side, as well as our regulatory intelligence. This latter part is particularly crucial. If there is an extension to the deadline it would likely be for six months, with any new migration plan likely to ramp up in March 2021, in preparation for a summer launch. With previous extensions, the regulatory bodies in individual countries were left to organize and implement their migration plans. J.P. Morgan is helping our merchants understand the regulatory landscape in all 27 EU countries in case there is a significant variance between markets. While working towards the December deadline, we are also continuing to advocate for our merchants..
SCA will continue to be beneficial in the long-term
We remain of the belief that SCA will be a major positive for the payments industry in the long run. Whilst there have been fears that the extra security requirements will turn customers off a potential purchase, and lead to higher rates of cart abandonment, we do not foresee a drop-off in transactions through the 2.0 solutions. Early feedback suggests the benefits of SCA are far outweighing the initial growing pains of transitioning to the new rules. For example, we know that the Nordics were ready for SCA. The merchants we support there have told us that when they turn SCA-compliant payment processes on, they experience higher approval rates and more secure transactions.
As a regulated acquirer, J.P. Morgan will continue to advise our merchants on the best ways to prepare for SCA migration so they can meet the current deadlines.
About J.P. Morgan Wholesale Payments
J.P. Morgan’s Wholesale Payments combines our treasury services, trade, commercial card and merchant services capabilities to help clients pay anyone, in any currency, anywhere in the world. We are at the forefront of payments innovation, developing cutting-edge solutions to help our clients succeed in an era of service and technology transformation.
Every day we send out a free e-mail with the most important headlines of the last 24 hours.
Subscribe now