On September 14, the technical regulatory standards that define how users of payment services must be authenticated according to the European directive (PSD2) will come into force. Although the impact will have repercussions in several environments, due to its scope on the actors involved and the volumes of business, we focus in this article on financial transactions in electronic commerce throughout Europe: millions of users, hundreds of thousands of e-merchants, payment service providers, issuing and acquiring financial institutions, as well as schemes and processors that are being affected by these impending regulatory changes.
Strong customer authentication in e-commerce
trong Customer Authentication (SCA) during a financial transaction consists, in short, of confirming the user’s identity through two of the following three methods:
- Something you know (eg password or PIN)
- Something you have (eg device you trade from)
- Something you are (eg fingerprint or facial recognition)
The regulations make room for exemptions from the strict application of this obligation (depending on the amount of the transaction, its recurrence, the risk analyzed by the acquirer or because they are corporate secure payments) and dictate that the responsibility lies with the issuing banks. and acquirer of the transaction. However, it will be the business that must adapt its online store to avoid refusals in its payments caused by this cause. Thus, the owner of the electronic commerce must have an active role in this security technology “migration” process which, in our domestic market, will mainly consist of adapting the sales process so that 3DSecure can work in its version 2, authenticating the buyer in a manner adapted to PSD2.
In this sense, although the large electronic businesses and marketplaces have sufficient resources to address this adjustment in their digital sales channels, the small and medium-sized virtual stores with their very varied casuistry, whether they are their own developments or based on CMS (Prestashop, Magento, etc. .), they may find themselves in compromising situations for the continuity of their business, especially because it is such a close deadline.
Therefore, the acquiring financial entities, as in previous technological migrations (SHA and TLS), should actively support their clients in this process, assuming the costs derived from these initiatives, which will consist mainly of making specialized support teams available to them. , to ensure that no one “gets lost along the way” and can complete this evolution satisfactorily.
The user experience after the entry into force of the new regulation: in balance, virtue.
As is well known, one of the main indicators that concerns the owners of an online store, regardless of its size, is the conversion rate of purchases initiated, so putting obstacles in the way of potential buyers in this process does not seem the best strategy to improve this ratio. Buyers are increasingly demanding and the lack of time, accompanied on many occasions by the desire for immediacy, means that the choice of the favorite store is based on the speed of payment during the purchase process, even ahead of the price of the items you want to buy.
However, it cannot be ignored that the survival of electronic commerce will only be guaranteed if fraud rates remain below reasonable thresholds, for which the necessary means of protection must be put in place in this regard. The entry into force of this regulation demonstrates the interest of the administration to safeguard the future of this sector that is so important for the engine of the economy in our environment, close to 40,000 million in Spain and over 600,000 million in Europe in 2018 .
The great challenge, then, is to combine these two variables so that there is less friction during the payment process of an online purchase and, at the same time, that the interests of the user who intends to make that purchase are protected, in such a way that the merchant online can continue the path of growth undertaken in the last 10 years.