Businesses that run an ecommerce facility to allow customers to purchase from them online might need to update their website design in Kingston after the European Union (EU) introduced a new verification step.
The Payment Services Directive (PSD2) has been set up to provide better protection for those conducting payments above €30 (£26.60) online.
The reason behind the new Strong Customer Authentication (SCA) requirement in Europe is to make buying things on the internet more secure, and to reduce incidences of fraud.
Users might have noticed they now need to put in an additional authentication before they check out, so that at least two forms of verification have been inputted. These include a password or PIN; the confirmation of a secondary device, such as a phone; and fingerprint or face recognition.
Strong Customer Authentication is required when online payments are initiated by the customer and both the business and the cardholder’s banks are located within the European Economic Area (EEA).
Therefore, SCA will be required for most card payments and all bank transfers, with users most commonly needing to access a one-time passcode through their mobile phones.
However, an article in the Telegraph reports that this could negatively impact some customers: “This has left those without a mobile phone or who live in areas with poor signal struggling to make purchases online.”
Some people also believe that while the process keeps customers’ information and purchases more secure, it is another hurdle for them when it comes to online shopping.
Co-founder of PayKickstart Mark Thompson wrote in The Next Web: “What’s just one extra step for the consumer – a click to accept cookies, receive marketing emails, or confirm a transaction – that’s another obstacle for the seller to closing a sale or getting the lead. This can significantly impact the business’ conversion rates and revenue.”
While the new regulations came in force on September 14th, the Financial Conduct Authority (FCA) agreed a plan to implement SCA over the course of 18 months. This will allow those in the ecommerce industry – such as card issuers, payments firms and online retailers – time to update their processes to fall in line with the new rules.
Businesses will not be penalised if they do not meet the SCA requirements straight away, so long as they can prove they are making changes to comply with the rules by the time the deadline arrives. This includes undertaking required testing to ensure SCA applies adequately and without disruption to the customer.
Jonathon Davidson, executive director for supervision – retail and authorisations at the FCA, said: “While these measures will reduce fraud, we want to make sure that they won’t cause material disruption to consumers themselves; so we have agreed a phased plan for their timely introduction.”
With just a month to go before Britain leaves the EU, it is uncertain whether organisations in the UK will have to comply with this specific legislation. SCA could form part of the Brexit agreement terms, or it could be something the country decides to implement independently.
