New card processing rules to affect online sales

A new process for handling online card payments could soon stop purchases if traders don’t comply with the new rules. Adam Bernstein explains the change.


nline card fraud is huge and according to Finextra Research, between 2017 and 2018, £4.1bn was stolen this way. And to illustrate how personal the problem is,

UK Finance reckons that of all frauds, 58 per cent relates to payment cards. Europe has, for some time, been worried about

the problem of card fraud and a new process known as Strong Customer Authentication (SCA) made under the Revised Directive on Payment Services (PSD2) will eventually be in place. Originally set for 14 September, in common with other EU states, the UK has just postponed introduction for 18 months to give firms more time to prepare. SCA is going to affect how the trade sells online.

New protection

SCA is to all intents and purposes an extra layer of security designed to prevent payment fraud. It ensures that online card transactions become more secure through “multi-factor authentication” – a second check to demonstrate that both the transaction and card holder are genuine. The aim of SCA is to be the ‘chip and pin’ of the online world; SCA will apply to transactions over a certain value: $30 (around £28 – August 2019). But while SCA targets the online transaction, Mark Nelsen, Senior Vice President, Risk and Authentication Products at card processor Visa, says that banks and merchants may also need to regularly check that contactless payments are made by the correct cardholder too – by asking for a PIN. “This,” he says, “might occur after a contactless card has been tapped five times in succession, or when $150 (around £140) has been spent using only contactless taps.” As to how it’ll work, SCA could mean any one of numerous authentication methods such as an online PIN or password, a device that only the cardholder can authenticate – say a smartphone, or a biometric trait such as a fingerprint or facial recognition.

SCA is going to mean a marked change to online transactions. And for some there are worries that this extra layer of protection will add unnecessary complexity, which will irritate customers who may

A new process known as Strong Customer Authentication (SCA) is coming and those selling online need to plan ahead, else they face meltdown as a huge chunk of their business will be denied.

find themselves unable to pay.

Change was clearly needed. According to a UK Finance report in 2018, UK Payment Markets, in 2017 there were 3.1bn credit card payments – an increase on the previous year of 13 per cent. The same report reckons that by 2027 there will be 3.9bn credit card payments a year. In comparison, there were 13.2bn debit card payments in 2017 (up 14 per cent on the previous year) and 2027 could see some 19.7bn debit card payments.

Changes that businesses need to make The new regime is mandatory. There will be no exceptions and if a transaction doesn’t comply then it will be automatically declined by the cardholder’s bank when they attempt to make a purchase. By not developing authentication processes that offer the least friction to consumers, firms could force them to buy from those that do offer a seamless experience.

Clearly then, the first step for any trader is to set

their systems to recognise when transactions need to abide by SCA (because they are above the 30 threshold) or when they don’t (because they’re below).

The second step is for a business to consider how SCA is to be operated by the firm. Are transactions to be authenticated by text, smartphone, email, biometric trait or other option? Visa suggests that for transactions that require SCA, businesses should have what is known as 3-D Secure 2.0 (3DS) in place to enable them to apply exemptions such as low-risk transaction analysis or perform two-factor authentication when needed. The benefit to firms of 3DS is that it allows issuing banks to verify credit card owners during the transaction process – this means that those traders using the protocol can transfer liability for fraud disputes away from themselves.

In summary

SCA is coming and those selling online need to plan ahead, else they face meltdown as a huge chunk of their business will be denied. A conversation with a merchant acquirer would be time well spent. But this brings a chance for firms to market themselves as both being secure and trustworthy. Of course, consumers want protection, but in today’s modern world, they also want simplicity and they want it now.


September 2019

October 2018

Page 1  |  Page 2  |  Page 3  |  Page 4  |  Page 5  |  Page 6  |  Page 7  |  Page 8  |  Page 9  |  Page 10  |  Page 11  |  Page 12  |  Page 13  |  Page 14  |  Page 15  |  Page 16  |  Page 17  |  Page 18  |  Page 19  |  Page 20  |  Page 21  |  Page 22  |  Page 23  |  Page 24  |  Page 25  |  Page 26  |  Page 27  |  Page 28  |  Page 29  |  Page 30  |  Page 31  |  Page 32  |  Page 33  |  Page 34  |  Page 35  |  Page 36  |  Page 37  |  Page 38  |  Page 39  |  Page 40  |  Page 41  |  Page 42  |  Page 43  |  Page 44