As digital channels are increasingly pervasive in everyone’s lives electronic payments are becoming a basic necessity, as such their security is paramount. To improve security of payment transactions individuals in the EEA must authenticate most electronic payments via Strong Customer Authentication (SCA) as of 14th September 2019. At the same time, it is important to offer a user-friendly user experience at checkout to ensure that extra security does not increase abandonment and maximize conversion.
With the 2015 SCA guidelines the European Banking Association (EBA) mandated that all online payments above € 10 be SCA-authenticated. A number of industry players – including CleverAdvice – labeled the mandate as too restrictive. In October 2016 CleverAdvice published a paper that provided evidence that such a strict mandate was largely unnecessary to increase payment security and could bring more harm than benefits resulting in lost e-commerce sales due to increased abandonment at checkout. It would have brought no incentive in investing in effective risk management solutions, and the players with more ability to manage risk would have been hit the hardest. We suggested that the players with strong ability to limit fraud should have more choice in how they authenticate transactions, so the lower the effective fraud rate of a PSP the higher the transaction value that may be exempted from SCA.
The final draft of the Regulatory Technical Standards embrace several recommendations outlined in our paper – including a link between risk-based authentication and fraud rate as a driver of the exemption rules (art. 16).
On 16 October 2019 the EBA ruled that PSPs must offer fully-compliant SCA solutions by year-end 2020. However, it should be noted that art. 74 PSD2 applies as of 14 September 2019, so PSPs not authenticating via SCA bear full liability.
So even PSPs that have been lagging behind are rushing to offer SCA solutions to their customers. We call for taking the necessary care in designing user-friendly processes that provide satisfactory user experience to retain conversion at checkout and prevent lost sales. According to a recent research, nearly 20% of customers abandon at checkout due to a cumbersome and long SCA process.
In order to maximize conversion and retain sales, we strongly suggest to leverage a number of factors within the authentication process as to offer an improved user experience to the entire customer base.
A one-size-fits-all may not be the best approach to maximize conversion. In fact, an authentication process is perceived as convenient if it offers a customer journey familiar to the users. Some may find in-app experiences and the use of fingerprint the least invasive, others may prefer old-style sms OTPs as they may be unwilling to change habits. More technology addicted users may be open to use cutting-edge inherent traits including voice-recognition, facial-recognition keystroke dynamics and retina-scanning.
Offering multiple SCA processes allow customers to self-segment and use the authentication process of choice ultimately resulting in improved conversion and confidence. That will also improve customer retention as confident customers are more likely to return, increasing customer value for all parties in the value chain.
A good example could be allowing the customer to choose between in-app authentication or SMS OTP so that before finalizing the purchase customers are able to choose their preferred way to authenticate the transaction and don’t face any negative impacts of having to go down an unfamiliar path.