Strong customer authentication (SCA) rules for e-commerce have come into force in the UK today following delays due to the COVID-19 pandemic.
The new measures mean UK shoppers will have to provide a combination of two forms of identification at checkout when making an online purchase. These will be two of the following forms of verification: knowledge – something they know (such as a password or PIN), possession – something they have (such as a mobile phone, card reader or other device evidenced by a one-time passcode) and inherence – something they are (such as a fingerprint). This requirement applies to the millions of online and app-based transactions made every day.
SCA is designed to enhance the security of online shopping to reduce fraud cases. Research published earlier this year found that UK residents and businesses have lost £2.5bn from fraud and cybercrime in 2021.
The SCA requirement in the UK will be governed by the Financial Conduct Authority (FCA). Any vendor or merchant that fails to comply with the regulations will be subject to full FCA supervisory and enforcement action.
Active enforcement of SCA rules began in the EU from January 1 2021, following the Second Payment Services Directive (PDS2). However, the deadline for enforcing PSD2 SCA requirements in the UK was extended until March 14 2022 to help ensure minimal disruption to merchants and consumers.
Commenting, Rene Hendrikse, MD EMEA at Mitek, said: “For banks, verifying that a customer is who they say they are with every high-risk transaction will be transformative. As often with regulatory change, technology is the obvious choice to ease the burden of compliance. Crucial to success is being proactive and investing in the technologies that really fight fraud.
“We know that customers expect stronger security layers when banking and making online purchases. They are also more willing to share their digital identity information with banks than any other institution – even the government. For these customers, the new regulation is welcome. For others, the new hurdles may be seen as more of a nuisance than as a vital anti-fraud measure. They want a quick and simple experience, which is possible with SCA – having every part of the authentication process happen within one app is key.”
New research from Barclaycard analyzed the impact of SCA checks on online shopping in February, with two-factor authentication measures ramping up for e-commerce transactions ahead of today’s deadline. This demonstrated the importance of implementing SCA in a way that minimizes disruption to consumers. For example, Barclaycard’s data revealed that 14% of shoppers experienced an increase in their online payments being declined, while three in 10 abandoned baskets due to increased friction at the checkout.
Rob Cameron, CEO of Barclaycard Payments, outlined: “The introduction of mandatory SCA is the most significant payments milestone since the rollout of Chip & Pin more than 16 years ago. While the new regulation is a positive step to keep customers’ data safe online, our research shows that shoppers are inclined to abandon transactions if it takes too long to check out, demonstrating how important it is for businesses to have sophisticated fraud checks in place.”