On September 14, 2019, a new regulation known as Strong Customer Authentication (SCA) was introduced in Europe. It applies to online payments within the European Economic Area (EEA) where both the cardholder’s bank and the business’s payment provider are in the EEA. SCA is part of the wider regulation coming into effect, named PSD2.
If a merchant cannot authenticate or exempt a transaction that is in scope of PSD2 after September 14, 2019, there is a significant risk that issuers will decline the transaction.
SCA is authentication based on the use of two or more of the following:
- Knowledge: something only the user knows (password, PIN, personal info)
- Possession: something only the user has (phone, token or badge)
- Inherence: something the user is (face, voice, fingerprint)
Steps to conquering SCA:
Implement 3DS2: EMVCo and the major credit card schemes introduced a new standard, 3DS 2.0, which, simply put, broadens the range of data used to include biometric authentication and offers an improved online experience. It addresses many of 1.0’s issues and brings security benefits worldwide.
Unfortunately, for those who experienced 3DS1, implementing these steps in the checkout process might result in a massive drop in the checkout conversion rate as it requires additional actions to finalize the transaction.
Here are some of the things that can be done to mitigate this:
- Enable alternative payment methods: Google Pay, Apple Pay and Amazon Pay are all SCA compliant and create a much faster and frictionless checkout experience.
- Enable guests to store their payment preference: subscription and/or recurring transactions are considered ‘merchant-initiated’ and are exempt from PSD2 and SCA requirements as long as the initial transaction and/or card was authenticated. This allows a truly one-click payment experience.
How does MyCheck solve this?
We have a JS SDK for your website and a Native SDK for mobile apps, called the MyCheck “Book”. It:
- allows you to immediately accept those alternative payment methods without any additional integrations
- it initiates a 3DS2 flow even if it is a “card on file” transaction, the card is authenticated and passed to the relevant provider (PMS/CRS)
- allows you to offer loyal guests and/or members the ability to store their preferred payment methods for friction-free repeat
- takes you completely out of the PCI scope
This article was originally written by the MyCheck team. It has been moved here as part of the Shiji Group family of hospitality technology brands.