Let’s Talk About Strong Customer Authentication

Let’s Talk About Strong Customer Authentication

eCommerceeCommerce LawsFraud

Most businesses have by now heard about PSD2 and Strong Customer Authentication (SCA). It seems to be a topic that is scaring a lot of eCommerce brands out there. But no one really knows how much it will affect sales or achieve its goal of reducing fraud. So, let’s talk about SCA and what we do know about it.

What is it?

SCA is a method of verifying a customer through something they know, something they have, or something they are. The new directive requires companies to ensure that customers provide at least 2 of the 3 identification methods. For example, they can use a fingerprint on their mobile device (something they are and something they have). Or they can use a computer with a token along with a pin (something they have and something they know). Or they can use other combinations to reach the same result.

Why is it?

The intent of SCA is to protect both European consumers and banks by reducing fraudulent purchases online.

When is it?

The requirement for SCA goes into effect on September 14, 2019. That means companies need to prepare for this change now.

Where is it?

It will be enforced for customers in the EU and transactions going through EU banks and payment providers.

Who is it?

Compliance is required for any company doing business in the EU, serving EU customers, or transacting with EU banks. Most of the implementation will fall on payment providers. However, eCommerce companies may be the ones impacted the most by the legislation. If the added security requirements cause more people to fall out of the conversion funnel, revenue may drop for merchants doing business in the EU. But we won’t know the actual impact until the law goes into effect.

How can you prepare?

Talk to your payment service provider (PSP). If you have customers in the EU or that use EU banks, you’ll need to ensure that your PSP is going to be compliant with the new rules. Ask questions about exemptions and find out what the workflow is. Whether they plan to use 3D Secure 2.0 or some other authentication system, you’ll want to know the process and how it will affect your customers.

Keep your customers informed. If this will lengthen your checkout process, let customers know in advance and explain that this is for their protection. The more transparent you are with your customers, the more likely they are to trust you and keep coming back.
Find other ways to reduce your overall fraud. While this process is only required in the EU, your PSP may implement stronger authentication anywhere. By ensuring that you have a low fraud threshold overall, you can qualify for more exemptions and keep you and your customers protected.

This is where NS8 can help.

With NS8 Protect, you can set order rules that automatically weed out bad orders and cancel them. For example, you can flag high risk orders for review or cancellation. You can adjust what you consider risky and what happens to orders with different risk factors. For more information on recommended order rules, check out our article on Suggested Order Rules.

You can also identify bad traffic that is leading to fraudulent orders on your site using our dashboards. The Suspicious Order Screen can be adjusted to show campaigns that users came from. Here, you can see if any specific advertising campaigns are bringing in fraudulent traffic and cut it off at the source. With our Google Analytics integration, you can even adjust your campaigns to exclude this traffic.

To get more specific help on how NS8 Protect can reduce fraud overall for your company, contact our Client Success Team for an individual review and customized suggestions.

Post Author: Jackie Long

Jackie Long

Blog Manager at NS8. With a varied background and over 5 years of content creation experience, Jackie works hard to provide a compelling range of informative articles.