Significant changes have been made to how customers pay for all card purchases, which could have an impact on retailers’ sales – unless immediate action is taken.
New rules surrounding Strong Customer Authentication (SCA) have come into force to help tackle the threat of fraud. It falls under the new Europe-wide Payment Services Directive (PSD2), which includes a new step added into the payment journey for visitors to any eCommerce website.
It’s been described by Barclaycard Payments as the biggest change to consumer payments since Chip & PIN was rolled out more than 16 years ago.
A part of new rules introduced by the Financial Conduct Authority (FCA), it will see all UK online retailers required to follow a new technology and authentication protocol called 3D Secure 2 (3DS2) from March 14.
Below, we lay out exactly why they have been introduced – and what all online retailers need to know.
What is Strong Customer Authentication and why is it so important?
SCA is the new system introduced to give extra security for people making online payments.
It will mean bank or payment services providers need more information to verify an individual’s identity or someone who has been given consent to make a payment.
The system is designed to reduce the risk of online fraud and cyber crime, which is on the rise.
The rules are impacting all online retail firms across Europe and have been in the pipeline for several years.
The FCA said it has been working with firms since 2019 to implement SCA “in a way that protects consumers while minimising disruption”.
What do the new rules mean for retailers?
Firstly, retailers looking to sell products in Europe or the UK must use SCA from March 14th 2022 – there is no option to bypass the new rules, but there are some exemptions to the rules (listed below).
Customers shopping at retailers that have not implemented these new measures at online checkouts could see payments declined by their banks.
It’s now vital for retailers to ensure their payment methods are compliant with PSD2 and the new SCA requirements, otherwise banks may start declining payment approval requests, meaning sales figures could plummet.
Recent research from Barclaycard Payments exploring readiness for SCA reported that 14% of shoppers noticed an increase in their online payments being declined.
According to Retail Times, when asked about those drop-outs, three in ten merchants said the abandonments were due to the new two-factor authentication, so it’s also important customers are made aware of the changes as soon as possible.
Many retailers, however, already use SCA – so will not need to take any action, whilst lots of others have already moved to introduce the changes ahead of the deadline.
Why are the new rules coming in now?
The new rules were intended to come into force in September last year, before the FCA granted a six-month extension.
That extension was granted to ensure minimal disruption for merchants and consumers – also due to “challenges” the industry faced to meet the previous deadline. That followed an initial six-month extension in response to the coronavirus pandemic.
The new rules are already in force all across European Economic Area countries, with the UK being the last to implement them.
What is 3D Secure 2 and how will it work?
3DS2 is the technology and authentication protocol UK retailers will use for online card payments to meet the SCA requirements.
It means banks will now demand two different forms of identification from a customer when paying for an item.
Specifically, that will mean requiring two of the following three things:
- Something the user ‘is’ – such as their fingerprint
- Something the user has – like their phone
- Something the user knows – such as a password.
The latest version is hoped to give customers a convenient online checkout process, also reducing the likelihood of any additional steps being needed.
It’s an update on a previous version – 3D Secure 1 – addressing that version’s pain points in a bid to create a smoother user experience. A mobile-first system, it’s hoped to decrease cart abandonment rates by up to 66%, which could provide a big boost to revenues for online retailers.
How big are the threats of fraud and cybercrime – and how will the new rules help prevent them?
One-step authentication is becoming less and less secure. Only requiring one piece of information – something the user has – can be hacked or taken with relative ease. It’s estimated that £376m of online fraud is committed in the UK each year.
With customers now needing to identify themselves with two categories, these new rules mean that even if someone manages to obtain debit or credit card information, they won’t be able to use it for online purchases without getting a passcode.
It’s a move designed to reduce the amount of online fraud, giving consumers more confidence in making online payments and helping retailers offer more security to their customers.
Will there be any instances in which the new rules don’t apply?
There are several exemptions to the new rules, such as low-value transactions, transactions from businesses chosen by the cardholder – and B2B payments between corporations.
They can be viewed on Visa’s handy ‘Preparing for PSD2 SCA’ guide here.
What will the new rules mean for DivideBuy customers, and what forms of identification will be required?
The new measures should mean minimal fuss for DivideBuy customers, and we’ve outlined the steps below to make the process as easy as possible.
The changes do mean that all customers will need to provide two forms of identification to their bank when shopping. If they cannot be successfully identified using these two factors, their payments may be considered non-compliant and subsequently declined.
If you are a DivideBuy customer and have taken out a payment plan between March 2021 and February 2022, you will be required to authenticate your identity with 3D Secure 2 verification before you can make any further payments.
Please follow these steps to complete this process:
- Log in to your online portal
- Follow the prompts to complete a two-step identification verification
- A payment of £1 will be taken from your account to verify your identity. This money will be deducted from your next monthly bill.
- Once this is approved, you must repeat the same process for any additional orders with DivideBuy, however the £1 transaction will not be required more than once.
This simple three step process ensures the person accessing the DivideBuy customer account is genuine, enhancing the level of online protection and ultimately helping to reduce the risk of fraud.
All customers must complete the steps above the next time they log into their account. Any agreements set up on or after 1 March 2022 will have had the new rules applied automatically so no further action will be required.
Is there anyone I can speak to for more information about how SCA will impact me?
If you’re a customer wanting more information, our UK based customer service team is available seven days a week and are also available to chat online during the following hours:
- Monday to Friday 08:00am to 8pm
- Saturday 08:00am to 4:30pm
- Sunday 09:00am to 4:30pm
If you’re an existing DivideBuy retail partner, please get in touch with your Retail Success Manager directly.
If you’re a retailer wanting more information about partnering with DivideBuy, please contact our Business Development Team.