By Galit Michel, VP of Payments, Forter
The UK Financial Conduct Authority (FCA) announced in May that the deadline for SCA compliance has been pushed back to March 14th, 2022, due to a lack of industry readiness and long-term impacts of the Coronavirus crisis on UK merchants.
The Revised Payment Services Directive (PSD2) was initially scheduled to go into effect throughout Europe on September 1st, 2019, and then pushed to December 31st, 2020. The global pandemic and evident impact of the regulation on merchants led many countries to push the deadline back, However, the latest FCA extension makes the UK the very last country to require full PSD2 compliance.
This extension is expected to be the last before full PSD2 enforcement in the UK, making this the last chance for UK merchants to look in-house, examine their operations, and get their SCA ducks in a row.
What the Delay Means for Merchants
The FCA deadline extension is a clear win for UK merchants who have had a tough time with the outbreak of the Coronavirus and cannot afford to lose revenue due to SCA issues.
Instead of being alarmed by the sudden drop in conversions, UK merchants can take the time to learn from their European counterparts, examine the true impact PSD2 has on conversions, adapt their payment process, and monitor the readiness of their payment ecosystem before SCA is enforced.
This added time is a huge opportunity for merchants, especially given the dire impact SCA has had on conversion, revenue generation, and profitability for merchants in other EU countries.
UK merchants should recognise this extension as the opportunity it is, and familiarise themselves with the critical changes PSD2, and particularly 3DS, impose on their customers’ checkout experience. This includes ensuring they are able to request exemptions, understanding the difference between 3DS methods and knowing which one their providers are using, implementing solutions to create a frictionless and compliant checkout process, and protecting their business from risk.
The problem with PSD2 is 3DS
PSD2 requires Secure Customer Authentication (SCA) to be performed on all transactions, most frequently done through 3DS. This is a problem for merchants who want to increase revenue generation and create a frictionless checkout experience for their customers.
In theory, 3DS is great; when 3DS is applied, liability shifts to the issuers, and the merchant can ensure they are PSD2 compliant. However, 3DS also creates many challenges for merchants.
One of the most significant problems with 3DS is the friction that it causes consumers. By adding additional touchpoints to the checkout process, the chance of abandonment and human error rise. In addition to challenges on the consumer side, 3DS brings about many challenges from the payment ecosystem side.
The 3DS process requires the entire payment ecosystem to be 3DS ready, or transactions will not be able to be processed. Many failure points can occur during 3DS, including technical failure, authentication failure, and more. 3DS also increases the risk of a transaction being falsely declined due to the aversion of banks to assume liability for transactions they are unsure of. Legitimate transactions that are denied result in lost revenue as well as damage a brand’s reputation.
As PSD2 has gone into effect throughout much of Europe, many merchants have experienced these challenges first-hand and on their bottom-line. In France and Spain, merchants have experienced a 25% decline in conversion rates, which is better than merchants in Germany and Italy who have seen conversions decline by over 30% and 40% respectively.
The decline in conversions costs European merchants millions of Euros. While the UK payment ecosystem is more prepared for PSD2 than other countries, merchants may still see a conversion decline of 15-20% once SCA is enforced – unless they do something now.
What other merchants wish they knew
One of the key things European merchants have learned post-PSD2 enforcement is that they need to do everything possible to provide their consumers with a frictionless checkout experience.
The best way to do that is by leveraging exemptions to their advantage.
Under PSD2, merchants can apply for SCA exemption for eligible transactions such as low-risk exemptions, low-value exemptions, recurring payments, and more. However, to know if a transaction is exemption eligible and go through the steps of requesting the exemption requires having an exemption engine in place. Merchants should be careful to only request exemptions from acquirers that have agreed to process exemptions from them, or they will risk the transaction being declined.
While exemptions can reduce the friction on consumers, when a transaction is processed without 3DS, the bank does not assume liability, leaving the merchant responsible in the event of fraud. To protect their business while maximising exemption requests, merchants need a powerful fraud prevention partner. This is especially crucial as fraud rates are increasing globally, and merchants that want to process transactions without SCA will be liable for any chargebacks.
However, relying on exemptions does not guarantee frictionless checkout; some transactions still do not meet the exemption requirements while other transactions may be declined by the issuer even if they are exemption eligible. When this happens, merchants need to have an alternative solution – namely, Dynamic 3DS.
Dynamic 3DS uses real-time information and behavioural analytics to provide consumers with a 3DS experience that is as frictionless as possible. The Forter Dynamic 3DS solution coupled with the covered model enables merchants to enjoy the same liability and higher conversion rates. In just five months, Forter has increased approval ratios for global merchants, increasing conversions to close to their pre-PSD2 levels.
UK merchants that want to provide customers with a frictionless checkout experience need to take the time now to ensure their payment optimisation partner can request exemptions on their behalf, that their payment partners are able to process exemptions, and that they can provide alternative checkout experiences to their customers when the transactions are not eligible for an exemption.
SCA is not a drill
It seems like the threat of SCA has loomed over the heads of UK merchants for so long that they no longer fear it. From my experience in the payment industry, I can firmly say that this delay is just that – a delay.
Despite taking longer than expected, SCA enforcement will still reach the UK borders, and when this happens, the merchants that did not take the time to plan, prepare and test their PSD2 solution will suffer the consequences.
It is important to note that when SCA enforcement goes into effect in the UK, it is very possible that 3DS2.2 will already be released. This will create even more opportunities for merchants to reduce the impact of PSD2 on their operations and ensure their revenue generation and profitability stays high. Merchants that still use 3DS1 or are not prepared to use 3DS2.2 when it is released will not be able to support exemptions at a large scale via 3DS on rails, nor will they be able to leverage delegated authentication to their advantage.
To ensure they are ready for PSD2, UK merchants need to examine their solution today, involving their PSP’s, issuers, and the entire ecosystem in the process. Merchants need to pay close attention to their monitoring capabilities and understand exactly what is being counted to ensure they get a full overview of the state of their operations before and after SCA enforcement.
While the SCA enforcement date may seem far away, adapting the entire payment process may require significant changes on the merchant’s side. By starting early, examining their PSD2 solution, partnering with the right payment optimisation solution, and learning from the mistakes of their neighbours, UK merchants will be able to continue generating revenue and profit while being fully PSD2 compliant.