Merchants can no longer ignore Strong Customer Authentication. Having been put off during the pandemic in favour of more pressing issues (like the reduced number of customers to authenticate), it’s time for businesses to pay attention to the fraud-fighting requirement issues as part of the Revised Payment Services Directive (PSD2).

Data from Barclaycard Payments, which processes £1 in every £3 spent on credit and debit cards in the UK, shows that many online businesses are still not fully compliant with the new Strong Customer Authentication (SCA) regulation and lose out on £4.3 million worth of sales every day as a result.

To remind you, 3D Secure has been with us for more than 20 years. It was introduced as a means of combatting online-purchase fraud, and it was functional. But it was far from user-friendly. After all, this was a tool created in an era before smartphones.

If a bank card issuer thought a purchase suspicious, the cardholder was asked for a static password. Many users regularly forgot their passwords or had to dive through paperwork to find them. Furthermore, being static, the passwords became prime targets for hacking.

It was a convoluted process, often leading many customers to abandon their purchase altogether. 3D Secure v2 or EMV 3DS – 3DS1’s successor – has been introduced to be more user-friendly and more secure, using two-factor authentication.

Instead of a static password, the user is asked to enter a one-time passcode sent directly to their phone or verify their identity with a fingerprint or face scan. From the cardholder’s point of view, the authorisation process has become simpler.

From the bank’s perspective, it has also become more secure; even if the user’s card details are fraudulently obtained, it is less likely that a fraudster would also have access to the cardholder’s 3DS pin or one-time passcode.

In October 2022, 3D Secure v1 is being retired. So, to avoid the industry logjam in development, registration, and testing, card-accepting businesses should move to 3DSv2 as soon as possible or risk losing business.

But is there was another way to securely authorise online payments?

Yes. And it may be cheaper.

Introducing open banking

The revolutionary way to pay for things.

In the existing model, the cardholder enters their card details into the merchant’s website. Alternatively, that merchant may have stored those card details from a previous purchase. Despite the help of 3DSV2, that model can be time-consuming. (We’ve all had to hunt around the house for our wallets to get the three-digit security code off the back of our credit cards.) By giving the website card details to store, it can also be a security nightmare for banks; what if the website doesn’t have appropriate levels of security? A hacker could come along and steal the details for their own use.

By using open banking, the purchase simply selects their bank from a drop-down box, biometrically confirms it’s them (with a fingerprint or face recognition via the bank’s app) and the payment is sent and settled instantly.

It doesn’t matter if it’s a regular merchant or a first-time purchase, the buyer doesn’t need a banking card to pay.

But why are retail banks keeping open banking a secret?

It might be because with every purchase made using their cards, the bank gets an interchange fee, anywhere between 0.2% and 1.7%. Added up, that can be quite a substantial amount to be losing if everyone switched to open banking.

When was the last time you assessed your payment services? Talk to our specialists today about the technology and methods shaking up the sector and how they could benefit your business.