What’s been the level of SCA implementation so far?
The UK had a plan to start slowly and then ramp up. Back in November 2021, issuers were only declining 3% of transactions that did not have 3DS authentication. The plan was for 100% by March 14th. That hasn’t happened. We definitely saw an increase in soft declines of non-compliant transactions, but not to a full 100%. We're still away from that, but issuers are gradually applying SCA checks to more transactions.
What are some of the challenges you’re hearing about?
SCA is creating some challenges in regards to declined transactions. While around 20% of soft-declined transactions don't complete immediately, many will complete after a few days as customers attempt an average of two to three retries. These retries will often involve a different card or a different amount, which can lead to issuers still counting the original transactions as having failed. The worry for merchants is that these transactions are factored into their failure rates, which creates issues further down the line.
Moreover, technical challenge flow issues are happening in almost half of all European countries. Some merchants have flagged challenged transactions for 3DS and exempted them if there’s no fraud. This isn’t an approach that issuers are happy with. Additionally, some card-on-file transactions are being incorrectly flagged as merchant-initiated transactions, which are exempt from SCA.
Some merchants are also finding that the Transaction Risk Analysis exemption is more difficult to implement than was initially thought. This had led to some issuers using a process of trial and error by setting high limits and slowly dropping them while passively authenticating soft declines.
How can merchants optimize their authorization rates by working directly with issuers?
It’s really about working with individual issuers within the mandates of SCA. We are seeing different issuers put different emphasis on certain aspects; for example, Merchant Initiated Transactions (MIT). UK issuers have started to become more sensitive to challenge indicators for MITs — especially for stored credentials requiring merchants to perform an authentication on the first transaction and mandate that authentication. This is a mandate that is required of merchants but we have seen some issuers ignore it and only start to take note from March when they started to decline it — while some issuers might still ignore it.
So, the most important thing is to build a view per issuer to understand what SCA parameters can be worked within to improve optimization. That way, merchants can be more confident that they're sending the right information to the right issuer, and so be more assured of a successful outcome.
Additionally, merchants need to plan ahead and follow SCA. Failing to send a challenge indicator mandate is technically not compliant with SCA and, as such, issuers started to decline in March.
How does Checkout.com use exemptions to minimize friction?
We take a bespoke approach to exemptions, understanding that every merchant has individual requirements.
So we design exemption strategies that are based on unique risk profiles and are considerate of the wider customer expectations and brand. We take a data-driven approach to this, to ensure businesses are applying the right exemptions at the right time. We also stress the importance of adaptability. Optimizing for SCA isn't a one-time project. In fact, few businesses get their strategy right the first time. So it's crucial to keep monitoring the data and make adjustments as and when required.
Having a local approach to SCA is also essential, so that businesses can be sensitive to the nuances of local payment methods, fraud rates of individual markets, and consumer attitudes towards risk and security.
How else does Checkout.com balance SCA compliance with a seamless checkout?
Alongside data-driven exemptions that avoid unnecessary friction, we also embed our 3DS solution into the wider customer journey, so shoppers are not redirected to a third party, thus reducing the risk of cart abandonment.
We are constantly developing in this area, to get even closer to a completely frictionless experience. But at the same time, we are also fastidious about keeping businesses on the right side of regulations.
What’s important is to keep helping merchants understand that SCA is more than a regulatory hurdle, and instead how they can elevate it from a security conversation into an opportunity to rethink the customer journey.
Learn more about the steps you can take to shape an optimal SCA strategy with Checkout.com's new interactive guide.
About Rami Josef
Rami is a product leader with experience in product development, product introduction, and the overall management of a product's life from conception to fruition. Rami has deep experience in assessing customer desires and requirements, generating a product that successfully meets those standards. Before joining Checkout.com, Rami was the Head of Product at NETS Group. He's also spent time as a product and implementation manager at Visa and Worldpay.
About Checkout.com
Every day we send out a free e-mail with the most important headlines of the last 24 hours.
Subscribe now