The SCA compliance deadline is around the corner: Are you ready?

March 18, 2021

It might seem a long time away, but March 14, 2022, will be here before you know it. That’s the deadline when Strong Customer Authentication (SCA) will become mandatory on all electronic payments in the U.K. With so many small businesses already taking online payments due to the impact of COVID-19, it’s critical to make sure your business is ready for compliance, and is familiar with the regulations included in the Second Payment Services Directive (PSD2).

Delayed, delayed again, and again

You might recall that the SCA enforcement date across the European Economic Area (EEA) was originally slated for September 14, 2019. But as this date approached, it became clear that the industry was not yet ready for such a big change. To ease the burden on businesses, the European Banking Authority announced in June 2019 that each country in the EEA could delay SCA implementation. All markets decided to delay and announced a range of new timeframes, typically giving an extra 12-18 months. Then the pandemic hit, and the date for SCA was further moved to September 14, 2021.

Most EEA countries have already started to enforce SCA, but the Financial Conduct Authority recently announced that SCA would be delayed one final time in the U.K., to March 14, 2022. However, it’s important that you start preparing well before this date, as some card issuers have already started mandating SCA for higher value transactions.

SCA was introduced as a core component of the Payment Services Directive 2 (PSD2), and created to combat the effects of fraud on consumers and merchants. It improves security and makes payments cheaper for consumers – both of which have implications for merchants. PSD2 introduced legislative changes to the way European payments are processed, and has significantly altered how money is handled by both businesses and consumers. What changes with SCA is that all electronic payments will require two-factor authentication (2FA) from the cardholder to prove that the transaction isn’t fraudulent.

What is 2FA?

You are most likely familiar with 2FA. It requires the cardholder to authenticate their payment using two of the following three factors:

Electronic payments should become more secure for everyone, increase consumer confidence to make online purchases, and reduce fraud. However, if the process becomes too complex, consumers may be put off completing their purchases by the extra hoops they have to jump through. This is where SCA exemptions come in.

SCA exemptions and exclusions

Once SCA is enforced, it does not mean that your customers will be challenged every single time they make a payment. It is possible to exclude or exempt certain payments from full SCA, in the following circumstances.

SCA exclusions

Some transactions are not in the scope of PSD2, which means SCA should not be required. The key exclusions are:

SCA exemptions

Transactions that are in scope of PSD2 can still avoid full 2FA for several reasons, including:

Merchants looking to minimize the chances of customers being forced to use SCA before they buy may want to look at modern fraud management tools, which use behavioral analytics and machine learning to assess risk in real time. Even when SCA is necessary, there are steps you can take to keep friction at a minimum. For example, the latest 3D-Secure standard supports the use of biometric authentication like smartphone-based facial recognition and fingerprint readers. There’s also improved integration with checkout pages, which could help enhance the payment experience.

What happens if you’re not SCA compliant by March 14, 2022?

Regulators are very unlikely to delay again. When the new deadline comes, you must be ready to go. If you’re not, you risk a sizable increase in declines on payments, which would be very frustrating for you and your customers. After the deadline, issuers will expect every payment to have either SCA through 3DS2 or an exemption flag. If the payment has neither of these, there is a significant chance that it will be declined – costing you revenue.

Worldpay from FIS® can help you make the most of the exclusions and exemptions you can receive, keeping your checkout flow as frictionless as possible. We can also provide you with the tools you need to help manage SCA, qualify for exemptions, and maintain PSD2 compliance. Talk to a Worldpay payment expert and find out how our payment solutions can help you become SCA compliant.