Is the European Finance Market SCA-Ready?

Banking CIO Outlook | Thursday, October 15, 2020

While three countries extended the deadline, SCA recently came into effect across the rest of Europe. Financial firms are getting ready for compliance.

FREMONT, CA: The European Union enacted the Payment Services Directive 2 (PSD2) in January 2018. Intending to reform the financial sector, the directive introduced guidelines that sought to promote open banking and reduce the threat of financial fraud. Strong Customer Authentication (SCA), which is one of the vital aspects of PSD2, involves directives to improve the security of online transactions. The deadline for implementation of SCA was set for 14th September 2019 across Europe. However, the deadline has recently been extended by 18 months for the UK, Finland and Denmark, owing to the inability of a large section of organisations in these nations to ensure compliance. The rest of Europe is now subject to the SCA directives.

Under SCA, service providers must carry out careful verification of every customer using multi-factor authentication whenever an electronic or online payment method is used. As per the guidelines, the authentication has to involve at least two of three elements: a password or PIN, a verifiable personal device, and biometrics. SCA becomes compulsory for every online transaction that exceeds €30 in value. Thus, online merchants and banks have to adapt to the modifications and ensure verifications are implemented to continue undisrupted services.

For the countries that have taken permission from authorities to extend the deadline further, there are opportunities for seamless transformations. The reason why these countries refrained from implementing SCA is that most of the stakeholders do not have the technological readiness required to undertake compliance. A majority of them are established companies with legacy systems in place which require extensive changes. These players now have the time to improve IT prowess and become digital-oriented. Either by acquiring skilled experts or by involving third-party service providers, financial institutions can drive quick adaptation.

Fintech companies and challenger banks in Europe have found it comparatively easier to deal with the new norms. Starting as technology-driven organisations, they are able to quickly initiate and implement policies with the help of advanced solutions. Mergers and acquisitions with these modern firms have also been one of the preferred ways by which established banks have been securing technological capabilities in their quest to rise to the occasion and fulfil compliance requirements.   

For all the European countries except Finland, the UK and Denmark, SCA is now effective. Even though these countries are not entirely ready for implementation, the enforcement has been done as planned. Experts are expecting transformations in online payments and subsequently in online business as well, which have led to many apprehensions on the part of banks and e-commerce companies. At the same time, companies which can deliver the requirements under SCA can generate enhanced trust among consumers, leading to better business. The exposure to risks, for such companies, will also reduce subsequently, safeguarding them from possibilities of financial frauds and related losses, which can amount to millions.

The banks and merchants who are not yet prepared for, or aware of, the repercussions of SCA have to move quickly by taking the assistance of third-party service providers. They have to redesign operations by modifying the way existing authentication and verification work. Several additional facilities have to be put in place that will provide a higher degree of control over customer information. Customer experience might take a hit due to increased friction in online transaction processing, and companies have to prepare for that as well. Several IT service providers had predicted the demand for dedicated compliance products and solutions and are now ready with their offerings. Financial firms can opt for ready-to-use solutions that expedite the process of digital transformation with added features of risk management. With optimised and configurable tools that give banks the intelligence they need to drive two-factor authentication, service providers are powering the significant shift in Europe.

Financial companies must not allow the added complexities in their IT departments to become deterrents in the SCA-effected makeover. Instead, they must look at it as an opportunity to induce competitive advantages by becoming compliant at the earliest possible dates by using SCA solutions. Online merchants must also play the role of facilitating the implementation by undertaking necessary measures.

The extension of the deadline in selected countries might prove to be detrimental to financial organisations as well as to end-users. The European markets have seen a sharp rise in the number of frauds over the past few years. Most of these frauds occur when customers use remote banking facilities to carry out instant payments online or through cards. According to a report published by PaymentsJournal, the annual value of losses in Europe from fraudulent transactions amounts to €1.8 billion.

The delay in deploying SCA will give fraudsters more time to carry out attacks and target vulnerabilities in the online banking infrastructure. Data provided by MobilePaymentsToday says that cards issued in the United Kingdom were subject to losses of 671 million pounds in 2018, a rise of 20 per cent compared to 2017. Thus, it is high time for stakeholders to prepare the infrastructure needed to comply with PSD2 in general and SCA in particular. Currently, the regulations seem to be the best way ahead for Europe to put the brakes on the escalating problem of financial fraud.
