News and resources on payments systems, innovations and initiatives worldwide.
EC's refusal to delay SCA 'kicking retailers while they're down'

EC's refusal to delay SCA 'kicking retailers while they're down'

The European Commission's refusal to further delay the introduction of Strong Customer Authentication rules for online transactions could cost merchants up to EUR90 billion in lost sales for 2021 alone, claims payments consultancy CMSPI.

Despite industry calls to reassess in light of the Covid-19 crisis, last month the EC confirmed that it will not follow the UK's lead and extend the SCA deadline from 31 December this year.

The deadline has already been put back by 15 month.

CMSPI says the rules - which demands a two-step verification process for all online purchases over EUR30 - will add complexity at the checkout and make life harder for retailers after what has already been a tough year.

The consultancy claims that the extended deadline for the UK - until September 2021 - is set to prevent EUR17 billion in disruption to the economy, with "only" EUR7 billion in failed transactions.

In Europe, merchants could face up to EUR90 billion in losses as they rush to implement what may be "suboptimal solutions," argues CMSPI.

Toby McFarlane, head, approvals and fraud, CMSPI, says: “This is hugely disappointing news for European merchants. Not only do they now have limited time to prepare, the knock-on effect of approval rates, and therefore lost revenue, is potentially staggering."

Comments: (8)

Vernon Crabtree
Vernon Crabtree - My comments are my own - Utrecht 13 July, 2020, 09:08Be the first to give this comment the thumbs up 0 likes

Seems very biased towards merchants - "kicking the merchants while they are down?". In the mean time, we can kick the consumers while they are increasingly dependent on trustworthy online services, and allow fraud
I say: bring it on

Melvin Haskins
Melvin Haskins - Haston International Limited - 13 July, 2020, 09:211 like 1 like

I agree with Vernon Crabtree - Why should consumers continue be exposed to fraud any longer? I am surprised that it has taken so long to introduce. The fifteen month delay was reluctantly agreed before Covid-19 became an issue. Further delay is unacceptable to consummers.

A Finextra member
A Finextra member 13 July, 2020, 11:15Be the first to give this comment the thumbs up 0 likes

I disagree with Melvin and Vernon. There is a very simple way to reduce fraud online: ban ecommerce. Clearly, this is also "unacceptable to consumers", and the environment from January 1st 2021 onwards will not be too far away from that scenario. If either of you have not experienced 3DS in its current form, then I would encourage you to do so - under 20% of banks are ready in Spain, for example, and even when they are ready it can take up to 3 minutes on average to authenticate.

On the fraud point, it would be naive to assume that fraudsters have not been working hard on bypassing SCA solutions since the regulation was announced. Why, then, would we settle for implementing unproven technology with no time allowed for testing these solutions? Surely this just makes fraudsters jobs even easier? Let's move the deadline back and implement some properly robust and consumer-friendly solutions, rather than keep the deadline and force an online catastrophe before going back to the drawing board anyway.

A Finextra member
A Finextra member 13 July, 2020, 13:031 like 1 like

Given that the EBA and the Commisson are reluctant to follow the (very sensible) lead taken by the UK FCA and grant any further delays to the implementation date, there really is a high likelihood of this becoming a major catastrophe for consumers with transaction requests being declined and/or authentication taking too long to complete and them abandoning the sale thus losing confidence in the system. Rather than delaying compliance, relaxing the enforcement measures for a period of time and allowing card issuers to authorise even if not all markers are in place, would seem a more sensible approach which would give all parties time to identify the pinch points and address them accordingly but without losing the more important sale and denting consumer confidence. Personally, as a consumer and reguylar on-line shopper, I am NOT looking forward to the implementation of Strong Customer Auhentication, nor do I feel it necessary. Even if it turns out to be fraud, so long as I've done the basics, I won't be liable anyway. Frankly, I really don't need any more obtacles put in front of me.  

Vernon Crabtree
Vernon Crabtree - My comments are my own - Utrecht 13 July, 2020, 13:08Be the first to give this comment the thumbs up 0 likes

Just to clarify my statement "seems very biased" - I am niether for or against moving the deadline, but this particular piece of reporting is biased towards the party that has the most to gain by the status-quo.
Discussion should be based on merits and values from both sides, not just merchants

A Finextra member
A Finextra member 13 July, 2020, 13:171 like 1 like

@Vernon. I think you'll find that almost all the stakeholders involved in delivering SCA compliance agree that a delay or failing that, postponement of enforcement, would be the preferred outcome - as referenced by the various 'industry letters' sent to both the EBA and Commision. Surprisingly, it's the consumer associations Europe who are strongly opposed to further delays - especially given that it's their members (consumers) who stand to suffer the most from a problematic implementation. Don't forget too that merchants have their customers interests at heart and want to ensure a smooth and risk free shopping experience as possible. Fraud in e-Commerce is, as far as I'm aware, not increasing. It's other types of fraud that are, such as impersonation fraud, e-mail scams etc, that are the biggest threat to consumers at the moment and SCA does nothing to address those.

Ketharaman Swaminathan
Ketharaman Swaminathan - GTM360 Marketing Solutions - Pune 14 July, 2020, 13:101 like 1 like

I normally tend to wonder whether Retailers Want To Have Their Cake And Eat It Too? But, in this case, I'm on their side.

Also, SCA is not going to protect consumers' interest by any stretch of imagination. Lack of SCA may lead to fraud, which is a < 1% problem but, going by the 2FA experience in India for the last 10 years or so, SCA will lead to tremendous friction and failed payments, which will easily be a >10% problem. Net net consumers will stand to lose, not gain, due to SCA.

A Finextra member
A Finextra member 16 July, 2020, 07:03Be the first to give this comment the thumbs up 0 likes

To look at this issue through a single lens of consumer protection from fraud is short sighted. Yes, everyone in the eco system wants to drive fraud out. The question is at what cost? The data proves the eco system simply isnt ready. For the top tier Merchants that are as prepared as possible, they are looking at mass abandonment of purchases and authorization rates crashing. In fact, after Dec 31 the largest global Merchants will have a distinct advantage over the smaller local Merchants as they will be more prepared. If the industry wants to drive fraud out of the system because consumers will be unable to purchase, we should put our heads in the sand and plow ahead.