Background
29th August 2023

Fraud Prevention in the New SCA Era

A new payment regulation, Strong Customer Authentication (SCA), will soon be mandatory in the UK.

Scroll
Article Image Circle Circle

Home  »  Articles  »  Fraud Prevention in the New SCA Era

Fraud Prevention in the New SCA Era
Young businessman select the icon Fraud prevention on the virtual display

A new payment regulation, Strong Customer Authentication (SCA), will soon be mandatory in the UK. In March 2022 this once-in-a-generation change will come into force for UK retailers, and bring with it the potential to massively disrupt an enterprise or to push an enterprise ahead.

SCA will undoubtedly be a vital pillar of protection for merchants and consumers alike, however there is more to fraud and more to fraud protection than simply deploying an SCA solution. It is not, as some have mistakenly assumed, the only fraud solution a merchant will ever need.

European retailers have faced historic fraud pressure levels at a time when the payments landscape is undergoing upheaval due to the enforcement of PSD2’s Strong Customer Authentication (SCA) requirement. The addition of SCA’s robust two-factor authentication process has already been rolled out across much of Europe. But one only needs to look to the European countries where enforcement has begun in order to understand the limits of SCA’s fraud protection.

Many transactions are not subject to SCA, and whilst this is a saving grace for merchants who are worried about online customer experience, it means they will still be vulnerable to fraudsters who will inevitably target the transactions which are exempt from this added SCA layer. Merchants should also consider the fact that a low-fraud rate will be vital for providing a top-notch customer experience once SCA is enforced, and this is only possible by ensuring they have the most robust defenses in place.

 

Retailers risking revenue

SCA promises to better protect consumers by routing many transactions through 3D Secure and requiring two-factor authentication that calls for a shopper’s identity to be confirmed through two of the following: 

  • something the user knows (like a one-time passcode)
  • something the user has (like a mobile device)
  • something the user is (fingerprint, facial recognition, typing behaviour).

Of course, there is nothing stopping fraudsters from attacking transactions protected by 3D Secure alone — and they do. The security protocol does shift liability from the merchant to its bank, but if a bank is hit by fraud often enough, it will protect itself by declining more orders.

That’s SCA in simple terms but the wonder of the regulation lies in the detail. And on closer inspection of what SCA stipulates, it is clear that a robust fraud protection solution will be the bedrock of a merchant’s successful SCA strategy because:

  1. Low fraud rates are required for key exemptions that allow consumers and merchants to bypass SCA.
  2. SCA does not cover every transaction a merchant will process — far from it.
  3. SCA deals head-on with payment fraud. It does not protect a merchant from friendly fraud or policy abuse by consumers.
  4. Fraudsters are innovative and entrepreneurial. SCA may prove a barrier initially, but professional fraud rings will find an alternate path of attack.

Let’s start with exemptions, as they are the key to providing a seamless SCA experience for online customers. Exemptions allow orders to be approved without undergoing SCA based on the notion that the transaction isn’t very risky or wouldn’t be very costly if things go wrong.

Skipping SCA is a highly desirable outcome as stricter authentication measures have the potential to disrupt the customer’s online checkout experience. Featured in the latest CMSPI report into the impact of SCA in Europe, testing shows 29% percent of SCA transactions are abandoned. This could be because they are declined, because of technical errors or because the customers simply got too frustrated with the added security layers. All of this could amount to an annual loss for merchants of €90 billion combined.

In a recent consumer survey, more than 37% of UK consumers said they’d been unable to complete a transaction because of new online security procedures. Moreover, more than 46% said they were very or somewhat likely to give up on transactions that require two-factor authentication.

 

Exemptions…the silver lining?

For retailers, the key to taking advantage of SCA exemptions is to have all aspects of fraud under control. In order for merchants to qualify for exemptions, they must demonstrate that their fraud rates are sufficiently low to meet the thresholds in the new regulation.Exemptions are broken down into different transactional situations:

  1. Low-risk and low-value transactions: Online orders of €30 or less that arrive without fraud red flags do not need to clear SCA. By definition these orders are getting less scrutiny than orders of above €30, which makes them attractive targets for fraudsters. Having a high-quality fraud solution in place will protect these orders from fraud. Given that a business dealing in basket sizes under €30 are likely doing a high volume of low-cost orders, a solution that provides automated decisioning will save the business from being consumed by conducting manual reviews.
  2. Recurring transactions: Subscription payments for the same amount made to the same merchant are exempt from SCA, once the first payment clears SCA. That’s great, as far as it goes. But once that first transaction is processed, the following transactions are not subject to SCA and are vulnerable to fraud — unless a fraud solution is in place.
  3. Trusted beneficiary payments: Consumers can select specific merchants and ask their card-issuing bank to allow purchases from that specific merchant to be processed without SCA. The key here is, the consumer asks for the exemption and the bank can say no for any reason. If the bank says yes, a trusted beneficiary payment becomes a transaction that is not protected by SCA, again making those transactions targets for fraud. It doesn’t take a lot of creativity, for instance, to come up with potential targets. Consider Amazon’s huge customer base and the frequency with which Prime customers buy on Amazon. It’s the perfect recipe for a trusted beneficiary request. And a perfect merchant for a fraud ring with stolen credentials to visit, because SCA is less likely to be a barrier.
  4. Transaction risk analysis (TRA): Having a top-flight fraud prevention solution is exactly what TRA is all about. The exemption allows merchants with low fraud rates, using acquiring banks that also have low fraud rates, to bypass SCA on a sliding scale of order values. Those with an exceedingly low fraud rate of .01% can skip SCA on orders under €500. If a merchant’s fraud rate is under .06% they’re good for under €250. A rate under .13% means purchases less than €100 are exempt from SCA. Again, the merchant’s acquiring bank must match those fraud-rate limits.

 

Some transactions can be excluded from SCA

Beyond exemptions, there are other scenarios in which SCA is not enforced, which leaves merchants more vulnerable to fraud unless they have a solution in place. 

The new SCA regulations apply to merchants within the European Economic Area. But not all customers who shop with merchants in the EEA live in the EEA. Their purchases are subject to an SCA exception known as the “one leg out” exclusion. If either the issuing or acquiring bank involved in a transaction is outside of the EEA, SCA does not apply. Therefore, those orders are protected only by whatever fraud solution the merchant has in place.

Certain types of orders — mail order and telephone — are not subject to SCA, meaning the next call-in order a retailer gets could well be from a fraudster. Transactions made with anonymous payment instruments — think prepaid gift cards — are not subject to SCA. This only leaves room for fraudsters to make their move.

 

The rise in non-payment fraud

Finally, consider the challenge of non-payments fraud, sometimes called friendly fraud. Abusive consumer claims ended 2020 at a level five times what it was before the COVID-19 pandemic set in, and in a consumer survey, more than 36% of UK consumers said they’d falsely claimed that a legitimate charge on their credit account was fraudulent. Just over 30% admitted to falsely claiming that an order never arrived or that an order was unsatisfactory when it did arrive. 

Obviously, SCA is not going to detect friendly fraud, and retailers will need additional solutions in place.

Fraud rates and risks vary by retailer and even by retail vertical. But as the UK joins Europe under SCA regulations, it is clear that the new regulation is not a be-all and end-all fraud solution and merchants will need to consider other fraud solutions to protect their business and maintain an excellent customer experience online.

Categories: Finance/Wealth Management

Plane
Quarterly Newsletter

Sign up to our quarterly newsletter to receive the latest and most relevant updates, interviews and opinions from finance’s leading lights.

Subscribe
Covers
Explore Previous Issues

View the latest issue of the Wealth & Finance digital magazine which features business profiles of leading industry insiders who are thriving in the finance and investment sector.

See Latest Issues
Trophy
Explore Previous Awards

Click here to view our current and archived Award programmes.

See Our Awards
Other Articles You Might Like
See All Articles
How to Become Wealthy Even if You Don’t Come from WealthREAD MORE
Articles5th April 2023How to Become Wealthy Even if You Don’t Come from Wealth

Many people want to be wealthy, but it is not an easy task. Because of the large gap between the wealthy and the poor, it may seem even more challenging. However, changing your mindset can help you build more wealth. It requires you to believe that you can obtain and build wealth, even if you don’t come from it.

Should Investors Stay Underweight Europe? Three Reasons Why It’s Time to Reconsider That View NowREAD MORE
Articles13th November 2020Should Investors Stay Underweight Europe? Three Reasons Why It’s Time to Reconsider That View Now

After a decade encompassing Brexit and the euro crisis, and amid disappointing returns relative to other markets, many investors have written off European equities, but River and Mercantile’s James Sym believes that stance now needs to change.

Savers Are Set to Miss Out on MILLIONS in Returns After Epic £75.5bn Savings Haul in LockdownREAD MORE
Articles3rd November 2020Savers Are Set to Miss Out on MILLIONS in Returns After Epic £75.5bn Savings Haul in Lockdown

On average Brits saved £1,974 each in lockdown, equating to £75.5bn across the UK, yet at least half of this is reported to be sitting in a savings account, likely offering minimal returns. Millennials saved the most out of all reported age groups – averaging at £2,200 each.

Artificial Intelligence is Empowering Financial Experts, Not Replacing ThemREAD MORE
Articles31st October 2017Artificial Intelligence is Empowering Financial Experts, Not Replacing Them

When in 1950 mathematician Alan Turing asked ‘Can machines think?’ he did not imagine that this question would trigger decades of research and the rise of an entire new market. Yet, in 2014, Google invested US$400 million in artificial intelligence (AI) startup DeepMind. Although AI still conserves an aura of otherworldly technology bound to take over pretty much everything, a new trend is emerging which improves interactions between humans and machines – augmented intelligence.

Thinking about starting a new business? Female entrepreneurs will face more obstacles than their male counterpartsREAD MORE
Articles26th July 2019Thinking about starting a new business? Female entrepreneurs will face more obstacles than their male counterparts

Thinking about starting a new business? Female entrepreneurs will face more obstacles than their male counterparts Women face more obstacles when starting a business, meaning they need more support in order to succeed, reveals new research from ESCP Europe. Females and males experience the support provided by the ecosystem for their start-up activities very differently. Women […]

Report Reveals Independent Scots Want to Keep the PoundREAD MORE
Articles13th August 2014Report Reveals Independent Scots Want to Keep the Pound

An annual survey has revealed that most Scots think an independent Scotland should retain the use of the pound.

Vodafone signals reassuring performance as it maintains fundamental dividendREAD MORE
Articles13th November 2018Vodafone signals reassuring performance as it maintains fundamental dividend

Shares trading up 7% in early trading despite first half loss of €7.8bn as investors share relief at dividend upkeep Still too early to evaluate new CEO’s performance but signs are encouraging as digital transformation accelerates and demand is high We currently recommend Vodafone as a ‘buy’ for medium risk investors As Vodafone updates the […]

Consumer Credit Firms Must Raise Advertising Standards, Says FCAREAD MORE
Articles16th May 2014Consumer Credit Firms Must Raise Advertising Standards, Says FCA

Statistics show that one in five adverts from consumer credit firms, for products including payday loans, fell short of the FCA's financial promotion expectations.

LafargeHolcim Ltd to Launch Squeeze-Out for Remaining Lafarge SharesREAD MORE
Articles12th October 2016LafargeHolcim Ltd to Launch Squeeze-Out for Remaining Lafarge Shares

LafargeHolcim Ltd announces that it has decided to initiate a squeeze-out process for all issued and outstanding shares of Lafarge S.A. After surpassing the necessary 95 percent threshold in share capital and voting rights and following a decision by the Board of Directors, LafargeHolcim Ltd plans to request the AMF to implement a squeeze-out procedure pursuant to their general regulations for Lafarge S.A. shares not tendered to the Public Exchange Offer.

Why Successful Companies Invest in a Global Mobility ProgramREAD MORE
Articles7th December 2021Why Successful Companies Invest in a Global Mobility Program

Successful companies like Vodafone, Johnson & Johnson, and HSBC have all adopted global mobility programs. Indeed, the use of global mobility has contributed to the success of those companies. In this modern 21st century world, businesses from all kinds of sectors are starting to see the benefits of global mobility programs and are following the […]

Arrow

Wealth & Finance International is part of AI Global Media

Discover our 10+ brands covering different sectors
APAC InsiderBUILD MagazineCorporate VisionEU Business NewsGHP NewsAcquisition InternationalNew World ReportMEA MarketsCEO MonthlySME NewsLUXlife MagazineInnovation in BusinessThe Business Concept