The latest PSD2 directive includes SCA exemptions which are available in the 3D Secure v 2.2 upgrade. Exemptions enable cardholders to process particular types of online transactions without the need for an additional authentication step. The initial introduction of Strong Customer Authentication (SCA) requirement was turning heads. Merchants and issuers feared that added friction caused by demanding the cardholder to authenticate using two out of three security elements; knowledge, possession, inherence; would cause friction, ending up with a spike in cart abandonment rates. PSD2 approached this issue by defining particular types of online payments which do not require SCA, i.e., SCA exemptions.
In 2020 nearly a quarter of the world population shopped online. To be exact, 2.05 billion consumers purchased at least one item online and contributed to the overall eCommerce growth. Let's put things into perspective; this means that roughly every fourth person you see passing by has purchased at least one item online in 2020. Cardholders are active participants of the eCommerce ecosystem. They have high standards when it comes to their online shopping experience.
The main motivator behind such a shift in customer behaviour is convenience. Purchasing online provides them with a broad offering, as well as the alternatives, backed up with easy access to information about the product/service. But what happens when there is a hiccup during the checkout process? It is naive to assume that the cardholder goes through a lengthy trial-and-repeat process. They simply move on to the next best thing. What follows is a missed opportunity for sale, cart abandonment rates soar, and customer loyalty is at stake.
A Baymard research states that too long/complicated checkout process is within the top five reasons why customers abandon their purchase and do their business elsewhere. 18% out of the 4329 survey participants expressed their reason for abandoning a purchase to be an issue during the checkout process. That means nearly 780 missed opportunities for a pinned sale; 780 customers lost during the last stage of the buyer's journey.
Until recently, eCommerce merchants had little to no influence on how the checkout experience would look like from the cardholder's perspective. They had to rely on UX designed by the cardholder's issuing bank, which often involved numerous pop-up screens and redirects. Although friction generally means more security, it raises alarm bells in customers' heads or simply annoys the end user.
By implementing the latest 3D Secure technology, including features such as Strong Customer Authentication (SCA) exemptions, cardholders enjoy a smooth checkout experience that is straightforward and demands only the necessary amount of friction, if any.
A part of the latest PSD2 directive are SCA exemptions, online transactions that do not demand an additional authentication step because they meet the predefined criteria. Being aware of the cardholders' low tolerance for friction, PSD2 introduced SCA exemptions in order to relieve merchants and issuers from having to demand SCA for each and every online transaction made. By defining such exemptions, the end-users encounter a checkout experience that is genuinely frictionless.
In order to enable the above-mentioned exemptions, a certain type of data-driven evaluation is necessary. Each exemption type demands an individual risk assessment approach, and therefore, particular data is necessary to evaluate if a transaction meets any of the exemption criteria. This demands a cautious setup of the parameters, regardless if the risk scoring engine is rule-based or relies on machine learning.
Enhanced data collection enabled by the new 3D Secure 2 protocol allows the issuer to conduct a more precise risk analysis. Fraud monitoring is necessary on both exempted and SCA-required transactions. Also, in case of merchant whitelisting, risk scoring is necessary on both the transaction risk level as well as the merchant risk level. Real-time fraud monitoring enhances the level of security and does not impact the execution of the transaction. In cases where criteria for exempted transactions are met, the cardholder will place their order instantly. However, if the transaction is flagged, an alternative authentication flow will be applied in order to prevent a possible fraudulent activity.
Although PSD2 puts pressure on merchants and issuers to apply 2FA in the form of Strong customer authentication; SCA exemptions are a convenient way of avoiding additional authentication. If the setup of the parameters is correct, honest cardholders will enjoy a fully frictionless experience. By implementing 3D Secure 2 technology, issuers and merchants are granting flexible and straightforward online payment authentication to their customers.
If you want to find out more, contact our Asseco 3D Secure Team at [email protected] or download the datasheet.