From 31 December all European online stores will have to adapt to a new payment security system: Strong Customer Authentication (SCA), i.e. two-factor authentication, which consists in verifying at least two different types of elements to ascertain the identity of the consumer when making a payment. In practice, it will be mandatory for those who manage and receive payments online to request, before each transaction, additional information to those commonly requested today.
The SCA serves to make online payments safer, but for companies, banks and also for those who shop online, this novelty could create some difficulties, at least in the first period.
In fact, those who buy online tend to prefer those sites that offer a fast shopping and payment experience, without too many steps, and perhaps without even having to register. It's a phenomenon that has become even more relevant in recent months, when, with shops closed due to the pandemic, many people have begun to do most of their shopping online. For this reason, in the early days after the introduction of the SCA, some e-commerce companies could suffer from it in terms of unfinished sales (i.e. undergo an increase in the so-called abandonment rate): it could be a risk especially for smaller shops, which already they suffer competition from large generalist sites, often preferred as they allow you to buy various kinds of items in the same place.
Visa, a leading international digital payment company, is working to help make the transition to SCA easier for everyone: shops, banks and consumers.
What exactly is SCA?
When we use a payment card to buy something in a physical store, the security of the purchase is guaranteed, so evident, from the verification of two factors: the validation of the card, which takes place through the reading of the chip by the POS, and the authentication of the customer, through the insertion of the secret code, the pin.
In the same way, with the SCA for the payment authorization, at least two different types of verification elements will be needed: in addition to the card data, therefore, a fingerprint can be requested, since many devices now have special sensors, or more simply a password or an expiring numeric code, such as those generated with keys or apps and used to access, for example, home banking services.
As an integral part of its commitment to supporting small and medium-sized enterprises, Visa is carrying out information and education initiatives for merchants and payment system providers on the most correct ways to get prepared for the application of the new verification systems. by the SCA, in order to ensure maximum continuity for online commercial activities. The most negative impacts, in terms of lost sales, could in fact occur precisely for those companies that have not fully adapted.
Visa's advice for small and medium-sized businesses
To make sure they can continue selling online once the regulation is enforced, Visa recommends companies to focus on two things. The first is the implementation of new technological systems. In practice, this means that sellers must start immediately asking the bank or the service that handles transactions for them which technologies they offer and what will be needed to comply with the requirements of the SCA without having to slow down the user experience. .
According to Visa, the best way for banks and sellers to facilitate the purchasing process in compliance with the new rules is to use EMV® 3-D Secure technology – it is an American registered trademark, owned by EMVCo. In short, EMV 3-D Secure allows you to analyze payment requests as they are made, but before the amount is debited. This technology allows the bank to ask the customer for the second factor required by the SCA as a further confirmation of his identity.
In physical stores there are exceptions to the pin request: contactless transactions under a certain spending threshold (which from 2021 will be equal to 50 euros). They are allowed because the contactless system has proven to be safe as well as convenient. Similarly, even for online transactions, there are cases in which the SCA will not be strictly mandatory and the second advice of Visa for companies concerns precisely this aspect.
Businesses should inquire about those types of payments that, even after the introduction of the SCA, will be exempt from the second factor rule, and report these cases to the bank or payment service on their site. In fact, for example, two-factor authentication will not be mandatory for:
payments to trusted beneficiaries: ie when the cardholder reports to the bank that a certain online store is a trusted store; in this case two-factor authentication will be required only for the first payment; “low risk” transactions: that is, payments of less than 500 euros, but only in the event that the card issuer or the company managing the transaction proves to have a level of fraud below a certain threshold; low value transactions: i.e. payments up to 30 euros, but only up to a maximum of five consecutive transactions or for a maximum cumulative expense of 100 euros from the last payment verified with SCA; recurring payments: those that are made, for example, in the case of subscriptions to television content services, which require the payment of a fixed cost once a month; also in this case, authentication is required only the first time. Among other things, Visa is collaborating with banks and companies precisely in this direction, that is, in interpreting the various cases in which SCA is applied and in understanding the developments necessary to streamline processes as much as possible. Visa's general advice for companies is to start moving on these two fronts right away: even if the SCA has not yet entered into force, arriving prepared for that moment will help prevent sales from being affected.
Visa's other initiatives for small businesses
In recent months, Visa has carried out several initiatives in support of small and medium-sized businesses, starting with a of activity that it has recently inaugurated and which aims to support 8 million companies at European level. In Italy, for example, Visa has created – in collaboration with some of the largest companies in the digital field – a new platform to support the digitization of small merchants and small and medium-sized enterprises. On the platform – accessible from the Visa Italia portal – companies can find quick, innovative and simple solutions to bring their business online, accept electronic payments and grow their business through digital tools and services.
On the consumer front, Visa also launched #dovecompriconta, an information and awareness campaign on social networks, to invite people to support neighborhood shops and local businesses.