Online merchants around the world are faced with a continual dilemma regarding security versus customer convenience. On the one hand, maintaining a secure website is of utmost importance. Neither customers nor merchants want to have their financial information compromised or stolen. On the other hand, implementing additional security measures means that the level of customer convenience decreases. Customers want a smooth, easy online checkout experience, and multiple authentication steps make the process anything but easy.
In Europe, the priority is currently on secure transactions. PSD2, the Payment Services Directive 2, is a set of laws that was drafted in 2019 regarding the use of payment options across the European Union. The directive was established by the European Banking Authority (EBA) and will require all online payment portals within the EU and European Economic Area to process payments of €30 or more using Strong Customer Authentication (SCA).
The goal of PSD2 is to create a more secure transaction process for consumers and banks, ultimately reducing fraud. Online merchants that don’t yet use SCA will need to do so by the end of December 2020. Those that don’t can face heavy fines.
PSD2 requirements mean that the standard dilemma of online merchants will become even bigger. Of course, merchants want to grant their customers the ultimate secure platform. But at the same time, they also want to make it easy for their customers to make a purchase. If online buyers have to start entering all kinds of information or get redirected several times, it can make them more likely to abandon their shopping cart and not return.
To fully understand the dilemma facing online merchants, we have to understand what exactly PSD2 and SCA regulations will require.
What is SCA?
Strong Customer Authentication is an additional layer of authentication at the checkout stage of online transactions. It requires authentication through something the customer:
- Knows (like a password or PIN)
- Has (phone or hardware)
- Is (face recognition or fingerprint)
To complete checkout, customers must provide at least two of the three requirements. Anyone who’s purchased anything online knows that providing even one extra piece of information during authentication can be cumbersome, so having to input two pieces of information can make the process downright annoying. At this point, however, the EBA has decided that online security is more important than consumer inconvenience and online merchants are required to comply.
In Europe, SCA requires the use of 3D Secure 2 (3DS 2) for card payments online. 3DS is a security protocol named for the three domains that interact when using it: the acquirer domain (merchant), the issuer domain (customer’s bank), and the interoperability domain (the infrastructure that connects the two).
In 2016, EMVCo created a second version of 3DS designed to meet SCA requirements. In theory, it’s supposed to reduce the friction of 3DS (see below), but in practice, consumers can still end up getting waylaid. While the 3DS protocol is great for helping banks reduce fraud, it’s not great for merchants who end up losing customers due to a cumbersome checkout process.
Friction Created by SCA/3DS and What That Means for Merchants
In 2019, banks and card companies in the UK prevented £1.8 billion in unauthorized fraud. The need for increased fraud prevention is obvious. At the same time, online merchants have different interests than banks. They need a swift, safe checkout process that won’t make them lose potential customers along the way.
Extra security can also lead to false declines during checkout, which is when a legitimate transaction is blocked due to overly strict security measures. False declines can end up costing merchants up to 13 times more than fraudulent purchases.
3DS also means that merchants must be equipped to handle multiple acquirers. Each acquirer presents its own 3DS experience, and merchants will find it very difficult to move from one 3DS flow to the next between acquirers, which complicates both the customer experience and the integration.
Ultimately, implementing 3DS can lead to a higher abandonment rate, lost sales, and a decrease in conversions. In fact, statistics show that up to 30% of 3DS transactions are lost throughout the checkout process due to user drop-off and abandonment.
How Can Merchants Prepare for PSD2?
With the ongoing dilemma of security versus convenience becoming greater with PSD2 requirements, what can merchants do to prevent lost sales and customers?
BridgerPay can help merchants meet this challenge in two ways. First, it consolidates all the challenges of the different acquirers into one customizable, unified HTML. Second, the BridgerPay solution can perform auto-fallback seamlessly, so if one transaction portal fails, another one is tried automatically without the customer noticing.