TrueLayer Blog | How to avoid SCA headaches with open banking
Background image

How to avoid SCA headaches with open banking

While SCA for cards has been delayed in the UK again, European merchants are suffering. Here's how open banking can help.

Strong Customer Authentication (SCA), one of the requirements under the Revised Payment Service Directive (PSD2), has been gradually coming into force across different payment types since 2018. The last payment type to be affected is cards. It means any person making card payments online will need to confirm their identity by providing two separate identification factors – a big change from just entering long card details.  While European merchants have been struggling with SCA requirements for cards since 31 December last year, issuing banks in the UK have lobbied for delays, and the Financial Conduct Authority (FCA) has moved the UK enforcement date to 14 March 2022.One of the most significant concerns for businesses and card issuers is that SCA will negatively impact conversion rates. Some studies suggest it could reduce conversion for online card payments by 30%, and businesses could stand to lose billions in online sales. The implementation of SCA for cards remains new and unproven. Most examples today show it adds significant friction to the online checkout experience. In contrast, open banking payment providers have been required to include SCA since 2018. UK and EU banks have been warned by regulators to ensure SCA journeys for open banking are as frictionless as possible.This headstart, and steers from regulators, means SCA works well in open banking payments. So, there’s huge potential for it to help merchants mitigate the impact of SCA on card payment conversion. In this blog, we'll cover what SCA looks like in practice, the impact it’s having on merchants and how open banking can help.
Navigating SCA: how can open banking help? Watch ondemand this digital masterclass and listen to the panel discussion with Merchant Payment Ecosystem.

What is SCA and why is it needed?

Essentially, it means consumers need to take extra steps to pay online in order to prove that they are who they say they are (and not a fraudster using the payment instrument without authorisation). Strong customer authentication is not new. You’ll be familiar with it if you’ve used your card in a shop and had to enter your pin. This is using two factors for identification:
  1. the physical payment card in your hand (which identifies you as the cardholder)
  2. the knowledge that only you have of your PIN number
In 2015, EU rules were created to extend this to payments made online, including card payments (previously customers could pay online using only the numbers printed on their bank card).These rules created a new set of authentication factors for online and point of sale payments:
  • Knowledge: Something they “know,” like a password or PIN
  • Possession: Something they “own,” like a phone or payment card
  • Inherence: Something they “are,” referring to biometrics like fingerprint or facial recognition
The ultimate goal of SCA is to reduce fraud and to make online payments more secure. This is long overdue. There were over 2 million cases of card fraud in the UK in 2020, valued at £574m (according to UK Finance). Resolving these unauthorised payments is a huge worry for consumers and a burden on merchants.

What does SCA look like in practice?

Card issuers in the EU and UK are now being required to align with other payment types (including open banking) by introducing multi-factor authentication. This has meant the rollout of new technology (such as 3D Secure 2 – “3DS2”) by card issuers and schemes. But the implementation of SCA for online card payments remains inconsistent and unproven. Most examples today, show that it adds significant friction to the online commerce experience. We’ve analysed a number of SCA payment flows (like this one from NatWest) – and found that payers typically have to go through 10+ steps to complete a purchase.

What’s the impact for merchants?

One of the most significant concerns for merchants is that SCA will impact conversion and abandonment rates. And since card payments still dominate ecommerce checkouts, European businesses could stand to lose €108 billion in one year.The concern has been so great that The EuroCommerce and Ecommerce Europe associations wrote to the European Banking Authority in April this year to outline the problems that European retailers are facing with increasing failure rates, as well as new-SCA related fees from card providers.According to these bodies there are structural problems with SCA compliance for cards including:
  • Consumer 3DS enrolment with issuers
  • Issues with the availability, usability, or mis-interpretation of the available exemptions – notably those based on transaction risks analysis
  • Access control server providers (which facilitate 3DS messages and authentication) are failing to address issues
  • Timing and latency issues between the issuer’s 3DS page and the final payment confirmation page

How can open banking payments help?

By adding open banking payments to the checkout, merchants can boost overall conversion rates and reduce abandonment caused by poor SCA flows. Open banking payments have been designed to comply with PSD2 and SCA from day 1 (since 2018). They’re inherently secure and the user flows have been refined over the last two years to make it easy for customers to pay this way.
  • In the UK, the largest banks were required to follow guidelines which has led to much more consistent payment journeys
  • As a result, open banking payments typically involve 5-7 steps (compared to 10+ for SCA card journeys)
  • Merchants offering open banking payments through TrueLayer find it achieves 30% share of checkout on average within a few months. They also report that customers who pay this way mostly don’t go back to paying by card.

Consumer protections for open banking

Open banking payments are safe by design, but no online purchase is 100% risk-free. In the event that something goes wrong, consumers have legal protections – as with other types of electronic payment. For more information, read our guide to consumer protections with open banking.
Navigating SCA: how can open banking help? Watch ondemand this digital masterclass and listen to the panel discussion with Merchant Payment Ecosystem.

Written by

Head of Policy & Regulatory affairs
Jack is a former policy adviser at the UK banking regulator, the FCA. He led the FCA’s approach to regulating firms under the new Payment Services Directive (PSD2) and assessing banks’ readiness for open banking.

Recent blog posts