Just a few months remain until the next compliance armageddon: on September 14th 2019, according to the European PSD2 directive, new requirements for authenticating online payments will be introduced. PSD2 is the second edition of the Payment Services Directive and, among many other regulations, introduces new requirements for payments such as SCA (Strong Customer Authentication). The update was made after the unprecedented growth of e-commerce transactions and the rise in electronic and mobile payments, and it is good news for the many customers who will finally be able to rely on more secure and more hacker-proof payments and transactions, heading towards a safer e-commerce market. Nevertheless, many sellers fear that the poor communication and information about this new regulation will affect e-commerce, with a negative impact on conversion rates (the share of your online traffic that converts into actual purchases) and gloomy forecasts of an average loss of ten percentage points in website conversion rates in Europe.
Once SCA comes into effect, you will basically need to build additional authentication into your checkout process. SCA requires authentication to use at least two of the following three elements: something that the customer knows (like a password or a PIN code), something that the customer has (like hardware or a smartphone), and something that the customer is (like a fingerprint or facial recognition). If the customer doesn’t provide two of these three elements, the checkout process will be stopped and the transaction denied. Of course, there will be a minimum amount above which the stronger authentication requirement is enforced (like contactless credit cards that require a PIN code for purchases over €25).
E-commerce merchants will also have to implement dynamic technology upgrades like 3D Secure 2.0 to address some of these challenges. This new version provides new features such as the ability to authenticate a transaction using a biometric method, something that many mobile phones offer these days but that is not yet widespread, or not correctly initialized and configured, on many customers’ devices, especially in countries less advanced in terms of e-commerce penetration.
Are you ready for a smooth transition, or will you face an actual compliance armageddon?