We’re all aware what Strong Customer Authentication (SCA) means for our industry overall. There’s still some uncertainty, however, about what it could mean for chargebacks. Will chargeback rates decrease in the post-SCA environment, for example? Or is there more to the situation?
The experts from Fi911 analyze the subject in a recent white paper.
3-D Secure Version 2.0 was mandated in the EU in April 2019. The purpose of this move was to help online businesses streamline the implementation of SCA. 3-D Secure. Version 1.0 was not popular with merchants, many of whom believed that increased friction during checkout offset the potential benefits.
The most recent version as of this writing, 3-D Secure 2.2, aims to address some of these shortcomings by offering:
. 3-D SECURE 2.0 Greater data sharing to facilitate more accurate decisioning;
. Support for more advanced authentication methods;
. Less disruptive authentication flows.
Roughly 80% of issuers plan to invest in machine-learning and rules-based engines to facilitate SCA processes by the end of 2021.
Ongoing problems with SCA adoption
The Indian government enacted a requirement similar to Strong Customer Authentication back in 2014. When that happened, some businesses reported an overnight conversion drop of more than 25%. If we transpose that to the European market, a 25% drop in conversion would have equated to a potential €150 billion economic loss in 2019.
We can expect that some hiccups will be inevitable with any major change to operations in the payments space. Some of these issues will be sorted with time; however, initial reports from the SCA adoption process are not encouraging.
Those operating in the payments space have a lot of work ahead of them to get everyone on board with SCA standards. As Microsoft Director of eCommerce and Payments Dean Jordaan explains, “SCA readiness is more than just EMV 3DS enablement, it is about performance as well.” He suggests that the entire payments ecosystem still “has some ways to go” before we achieve a workable state.
Success low – abandoment high
In December 2020, Microsoft Director of eCommerce and Payments Dean Jordaan published the company’s SCA Scorecard, outlining their tests with SCA in the European market. The results raised concerns within the payments space:
Microsoft was able to authenticate 76% of browser-based transactions using SCA. For app-based (mobile and gaming console) transactions, that figure dropped to 48%. Their experience suggests that SCA enforcement will introduce substantial friction into the process.
Customers abandoned 14% of browser-based transactions, and 25% of app-based transactions, when asked to verify themselves according to SCA requirements. This suggests customers are still uncomfortable providing the verification requested.
Challenge rates for browser-based and app-based transactions sit at 72% and 73%, respectively. This suggests issuers have yet to optimize their decisioning process when it comes to SCA authentication.
The scorecard also notes that attempts at authentication stand-in remain high in a variety of nations across the continent. This suggests that customers in a number of markets, and at varying levels of national GDP, are not enrolled in SCA protocols.
Confusion about SCA liability
Surprisingly, it’s not always clear when determining the party liable for incidents in which an exemption is applied to avert SCA requirements.
Liability for transactions that are subject to SCA rests with the issuer or acquirer. An acquirer may accept liability for a transaction as a way to exempt SCA requirements. The acquirer may retain that liability, or pass the liability (or resulting costs) on to the merchant. That said, final say still lies with the issuer, which possesses the power to overrule the acquirer and insist on authentication.
NO impact on friendly fraud
Data from Fi911® suggests that global chargeback issuances will see a compound annual growth rate (CAGR) of 16.3% annually between 2018 and 2023. The majority of these cases will be instances of friendly fraud (61% in North America and 73% in Europe).
„The conditions we outlined above will likely improve with time as all parties get acclimated to SCA protocols. Friendly fraud is different, though; unfortunately, SCA will have little impact on this problem, as pre-transaction authentication can’t prevent a post-transactional threat like friendly fraud. With friendly fraud set to represent a greater share of chargebacks over time, this promises to gradually wear away the efficacy of SCA practices,” according to Fi911 experts.
For more on the steps financial institutions can take to ensure efficacy of SCA, download Fi911’s latest report: Strong Customer Authentication: The State of SCA Adoption in 2021