On the 14th September new regulations are being introduced for online payments.
Here's what you need to know.
The EU is introducing regulations to make online payment more secure
The changes coming in on September 14th will affect all of us who buy online as payments will require additional authentication steps. But businesses who take payments online also need to make sure they’re using a payment gateway that meets the new standards.
The changes coming into effect are know as Strong Customer Authentication (SCA).
If you take online payments as part of running your business, SCA will affect the buying process for your customers because of the additional authentication required. However, the great news is that SCA is all about making the process more secure which is a positive thing.
Even better - if you use Jezzam to manage your online scheduling and appointment bookings, we’re going to take care of pretty much everything for you.
More of that later, but first of all let's dive into SCA.
What exactly is Strong Customer Authentication (SCA)?
SCA focuses on protecting customer data by using additional authentication steps to make sure the payment is not fraudulent.
There’s been huge growth in online purchasing over recent years, not only in retail but also online booking. This growth has brought with it a huge swathe of benefits to both businesses and their customers. But it’s also led to an increase in security threats. In 2017, unauthorised financial fraud was in the region of a huge £732 million in the UK alone.
In 2018, as part of an initiative to address this, the European Union implemented its Revised Payments Services Directive (PSD2) with one of the main aims being to reduce fraud and make online payments more secure.
One part of PSD2 is the use of Strong Customer Authentication (SCA) during the online buying process (for example, when entering and verifying a payment card).
The rules set out in SCA require online transactions to be validated using 2-factor authentication and this must include two of the three following elements.
- Knowledge- something only the customer knows (for example, a password or PIN)
- Possession- something only the customer has (for example, a bank security key, mobile phone)
- Inherence- something the customer is (for example, usually something biometric like a fingerprint)
Payments that require SCA and don’t meet these criteria will be declined. Whether a transaction requires SCA and what mechanisms are used will largely be up to the payment provider, although there are guidelines and standards they have to follow.
Why is SCA needed?
It’s a positive step mainly to reduce the risk of fraud for electronic transactions and to enhance the protection of customer data.
How will it affect my customers?
If the online payment for your customer's booking requires SCA (determined by the particular bank), an extra step may be required. In which case the cardholder is prompted by their bank to provide additional information to authenticate and complete a payment (for example, a one-time code sent to their phone or fingerprint authentication through their mobile banking app).
What if I’m not in Europe?
The SCA rules will apply to transactions where both the business and the cardholder’s bank are located in the European Economic Area.
How does Brexit effect SCA?
SCA is expected to be enforced in the UK regardless of the outcome of Brexit!
What do I need to do?
This is the best bit! The great news is that, if you're using Jezzam to manage online payments for your appointments and bookings, you don’t need to do anything.
Here at Jezzam we’re working hard to ensure the payment experience for your customers is as seamless as possible whether the transaction requires SCA or not.
The bottom line
SCA will introduce an additional step into the payment workflow for online payments. While this may be considered inconvenient by some, Strong Customer Authentication will help to reduce fraud and make payments more secure.
By using Jezzam to take online payments for your bookings and appointments you'll automatically get SCA through the payment providers we work with.