On September 14th, PSD2 came into force, the new European Payments Directive, whose main objectives are to increase security, protect the end user and encourage innovation.
One of the main changes introduced by this standard is the mandatory application of Strong Customer Authentication (SCA) in transactions, which would mainly affect those carried out online. According to the SCA, online purchases should be authenticated by a minimum of 2 out of 3 factors (something the user knows, something the user has or something the user is), which is a further step in the purchase and could therefore affect sales.
However, in view of the effects that the SCA could have, and given the low level of preparation of the affected actors in different European countries for its implementation, the European Banking Authority (EBA) has granted an extra period of up to 15 months in the application of the SCA for online payments. This moratorium must be confirmed by the Competent Authority, the Bank of Spain in the case of our country, which will be aligned with the deadline recommended by the EBA, applying these 15 months of transition.
EBA establishes and clarifies some key points in order to implement this delay. On the one hand, notification of migration plans will be required. Although the EBA does not set quantitative targets, it does require issuers and acquirers to specify their targets (which should include information on their current and planned solutions and technologies for authentication and the inclusion of cardholders and merchants in SCA-compatible solutions and the implementation of exemptions). In addition, it clarifies that this delay in the application of the rules will only apply to ecommerce card transactions, not covering bank transfers, direct debits or contactless.
Despite this moratorium period, it is important for merchants to take advantage of the extra time to prepare and ensure that, when the SCA becomes mandatory, their customers can continue to enjoy the best user experience. But how can this be achieved?
Educating the client will be essential. They must have prior knowledge of the new regulations, so that when the time comes they have the necessary tools to perform authentication, and understand why do they have to complete new steps in their purchase. With a good previous communication, it will be possible to achieve that the client perceives the directive as an increase of its security, and therefore as something positive that promotes online purchases.
Therefore, merchants and different players in the payment sector should not see a threat in the reinforced authentication of the customer, but should turn it into an opportunity by anticipating the changes and their final inclusion in the online environment. Sipay Plus, the Spanish payment gateway, highlights the importance of having partners capable of advising and guiding merchants in their evolution towards payment and authentication methods that allow them to offer greater security while maximizing the user experience.