Many countries are watching the rollout of Strong Customer Authentication (SCA) in Europe carefully, particularly regarding the impact on fraud, liability protection and customer behavior. The implementation of the protocols has provided results that businesses the world over can now assess — and use to shape their approach the growing necessity to authenticate the identity of their own customers.
The best innovations in authentication are those that can be implemented with as little disruption to the customer experience as possible. Simultaneously, strong authentication improves the safety of online transactions. So, what can we learn from Europe that applies to alternative global payment processing scenarios?
In this article, we consider
- Lessons we can learn from Europe.
- The global outlook for authenticating transactions.
- The future of customer authentication.
Learning lessons from Europe
Although the PSD2 directive is applied equally across all European countries, there are variations in the ways that different countries have implemented it — and in how it was received.
In the Nordics, a region with a mature digital payments market, SCA was met with little resistance. The digital readiness of the financial sector and the consumers in the region gave them an advantage when it came to handling the new compliance requirements.
But the most significant advantage may be that the region didn't see the requirements as a threat. Instead, they were able to see it as an opportunity to experiment further with Open Banking.
In other parts of Europe, the reception has been different. Take Portugal, for example, where, for many businesses, SCA has been solely an exercise in compliance. Our Sales Director, Rafa Vianna explains, "Portuguese merchants are fully aware of SCA and I haven't come across any prospect or client that hasn’t implemented it. 3DS, on other hand, is still a topic that merchants need to learn more about. Many businesses still haven't optimized how they use 3DS and are losing out on sales as a result."
This is also the case in Spain, where there's still education that needs to be done around the full use cases for authenticating a transaction. “In Spain, it is important to let the merchants know that 3DS, even if creates more friction (in some cases), can protect them from fraud,” says Javier Casas, Sales Engineering Senior Manager, Checkout.com.
European success where it counts — with fraud rates
So, why is it important for global businesses to think about customer authentication and learn from Europe? There has been real success seen in Europe when it comes to reducing chargebacks using 3DS. Making authentication a part of your fraud strategy can help your bottom line.
And online fraud is an estimated $33.5 billion a year problem. That’s how much remote or card-not-present fraud cost ecommerce businesses globally in 2020. Fraud reduction was the major driver behind the introduction of SCA in Europe. The good news is that overall fraud rates are declining in countries that have implemented SCA.
The average value of fraudulent card sales across Europe between December 2020 and April 2021 fell by 33% for issuers and 30% for acquirers, according to European Banking Authority (EBA) data. The volume of fraud also fell 50% for issuers and 40% for acquirers over the same four-month period, according to The Payment Association.
Data from Visa also showed fraud declining. Between January and May 2021, the period corresponding to increasing adoption of EMV 3-D Secure (EMV 3DS), reported fraud fell by 20%. And the fraud rate on 3DS transactions was less than half that for non-3DS transactions.
The question is then, how can other regions implement authentication measures in a way that can have similar results?
Adoption of a global standard
There is, understandably, a lot of emphasis on the effect of PSD2 and SCA on businesses across Europe. However, there are other countries — outside of Europe — that have adopted similar protocols. Two-factor authentication mandates for online payments exist in Brazil (in the case of domestically issued cards), India (for domestic debit and credit card transactions over Rs2000), South Africa (for credit card transactions), and Australia (if a merchant has a certain risk profile) — for example.
Fortunately for global businesses, EMV 3DS is a global standard and the most widely used protocol to achieve SCA compliance for online card payment. So, those who have already deployed EMV 3DS in Europe can benefit from the same protocols internationally. Global businesses have found positive results using 3DS to authenticate payments and usage of the technology will probably increase as it improves.
“The pandemic has further accelerated the adoption of online payments in Australia and – unfortunately, online fraud. Businesses are aware of the need for secure authentication while balancing a frictionless customer experience,” says Chris Dahl, the VP of Sales for Checkout.com in Australia.
And, in South America and Southeast Asia, open banking is driving an increased number of use cases for authenticating customers online. The more governments that push for greater open banking for innovation and growth, the greater the need for authentication methods.
According to Joel Lam, Checkout.com’s Manager of Financial Partnerships in our Singapore office, "Better authorization rates and a frictionless, secure shopping experience is a win for all stakeholders in the ecosystem. We have worked closely with our key partners in APAC to ensure a seamless EMV 3DS rollout across the region which we believe will be the next key milestone for greater payment security."
Along with open banking, the expansion of web3 and the Internet of Things will see innovative ways of authentication becoming increasingly important. This has already been considered as EMV 3DS continues to develop. Questions on how you can send and receive payments safely and easily in an expanding network of devices are becoming more important.
Finding a growth partner
As the world continues to digitize at pace, payments sit increasingly at the heart of the digital economy. They remain key to capturing revenue, driving innovation and competitive advantage. At the same time, payments are becoming subject to more and more regulation.
Businesses in any region of the globe will need to consider their own business needs to figure out whether customer authentication will reduce fraud and protect their bottom line.