The top four things SMEs need to do to get ready for SCA
Staying up to date with a constantly changing regulatory landscape can be challenging. The Second Payment Services Directive (PSD2) came into force on 13 January 2018 and the Strong Customer Authentication (SCA) requirements enter UK law on 14 September 2019 for in-store and online transactions.
Once implemented, SCA will make payments even more secure. As the number of online shoppers rises, so do levels of fraud, and it’s estimated that online fraudulent transactions on UK-issued cards totalled more than £393 million in 2018 alone. SCA is therefore designed to guard against the risk of fraud, providing everyone involved in the payments process a higher level of security.
Under PDS2, all electronic payments in the European Union and the European Economic Area, whether remote or in-person, will need SCA to be completed. In practise, this means that customers will need to authenticate themselves during the checkout process through the use of two discrete elements from three categories. This could be biometric, such as a fingerprint or voice recognition, or linked to something only the customer knows, like a unique passphrase or identification number, or the mobile device registered with the issuing bank or a hardware token that has been issued to them. For transactions that haven’t been authenticated, issuers will need to challenge and potentially decline the transaction – making compliance crucial to avoiding declined card payments and abandoned shopping baskets.
To help you meet the deadline and stay ahead of the regulations, below is my list of the top four things SME business owners should consider as part of their preparations:
1. Conduct a thorough review of all the ways your customers currently pay
To understand exactly what steps your business needs to take to be SCA compliant, you first need to comprehensively review all the methods that your customers currently use to pay. This includes assessing payment services both online and in-store, with reference to the FCA’s guidelines.
2. Decide on the correct authentication solution
Following the September deadline, businesses will need to support 3D Secure 1 at the very minimum. One step ahead of this is 3D Secure 2, which adds another layer of security to payments by using enhanced cardholder authentication data. If your payment options don’t support this, make sure to contact your card holder as soon as possible and submit a 3DS authentication request ahead of the September deadline.
3. Check requirements for card terminals
If you rent your card terminals from Global Payments, then we’ve made sure that you’re already prepared for SCA. If you own your own terminal, or rent one from another supplier, then you’ll need to contact your provider and check requirements.
4. Implement a clear customer communication programme, highlight the benefits of the changes required
Regulation change can be complicated, and clear communication is crucial to ensuring your customers understand the changes around payments, as well as how they’re affected. Additionally, make sure your staff are aware of the new regulations and they have the knowledge to reassure your customers about any extra security checks – including why the requests are being made and how it works to protect their payments’ security.
In the run-up to the deadline, it’s important for SMEs to re-look at how they take payments, ensuring they’re PSD2 compliant while remaining simple and user-friendly. Changes to the payments process take adjustment – but they also provide an opportunity to renew systems, creating innovative and user-friendly payment experiences that, in the long run, will benefit your business through their security and usability.