UK payments industry reacts to second SCA deadline extension
The Financial Conduct Authority (FCA) announced a second six-month extension to the final Secure Customer Authentication (SCA) deadline last week. Many in the industry have called the delay “no surprise”.
Already delayed once during the height of the COVID-19 pandemic, from 14 March 2021 to 14 September 2021, the deadline will now land on 14 March 2022. It applies to all card-based e-commerce transactions.
In practice, the regulation stops customers from making an online purchase with just their debit or credit card. Instead, customers will also need to pass a two-factor authentication process.
One such example is a code sent to their phone to confirm their identity. Designed to curb fraud, the regulation also adds another step to the checkout process. Thus threatening many merchants’ already stretched conversion rates.
For some UK-based payments firms, the further extension may seem unfair. Whilst there might still be a “mixed level of readiness amongst issuers”, as Synechron’s UK business consulting head, Phil Sturmer, points out to FinTech Futures, many firms – now ready – will have put considerable effort into making an already revised deadline.
“Some payments companies have already invested time and resources into prioritising this for the original deadline,” says Luc Gueriane, Moorwand’s chief commercial officer and FinTech Futures’ resident agony uncle.
“If they’re already incurring costs, will they feel that it’s unfair that they’re now at a cost disadvantage for being ready on time?”
Friction is still a big problem
Those countries which have already actioned their last SCA deadline have already seen significant dips in conversion rates at checkout.
Amanda Mickleburgh, ACI Worldwide’s merchant fraud director, explains: “Many UK merchants aren’t ready and cannot afford to have a 25% reduction in conversion rates as seen in France and Spain, or even up to 40% like in Italy”.
As companies continue to recover their losses post-pandemic, many will have breathed a sigh of relief at the deadline extension.
But arguably, the e-commerce industry has enjoyed a relative boom in comparison to other UK sectors during COVID-19. According to UNCTAD, global e-commerce sales rose to $26.7 trillion in 2020, making up 19% of all retail sales.
Despite this sector’s relative growth in the last year, compounded with the good intentions of the regulation, many payments firms are still unhappy with “the disruption” SCA is presenting for their payment processes.
“Delays in issuers rolling out or resolving problems with the new ‘two factor verification’ are concerning,” says Sturmer. “As some merchants report increasing consumer friction and a resulting reduction in conversion rates, far from satisfactory!”
Galit Michel, Forter’s payments VP, corroborates this. “We have observed a lack of issuer readiness. As well as low levels of customer co-operation with the increase in friction at the checkout,” she says.
SCA is a by-product of the Second Payments Services Directive (PSD2), enacted back in 2018. “The desired impact of PSD2 was to reduce levels of fraud,” says Michel.
“But in reality, the outcome has been to frustrate customers and deprive merchants of much-needed revenue.”
Forget SCA, there are bigger things happening
For some in the industry, the SCA extension “is neither a big surprise nor much of a concern”.
As Tony Craddock, the Emerging Payment Association’s (EPA) director general, tells FinTech Futures: “All this will do is prevent the stragglers from being punished too harshly.”
He also highlights the fact the UK’s adoption and implementation of SCA “is already far broader and deeper than in many EU jurisdictions”.
This might mean the dips in conversion across France, Spain, and Italy aren’t necessarily directly comparable. Contrary to what Mickleburgh and others in the industry have suggested.
But earlier last the week, the FCA made another key announcement to payments firms. One which Craddock thinks the industry should “be more concerned about”.
The UK regulator issued a letter to CEOs of non-bank firms – particularly e-money licensed firms – demanding they make it clear they are not banks. “We are asking you to write to your customers to make it clear how their money is protected.”
Companies have six weeks to do so. And they must separate the notice from any other messaging or promotional activity.
The EPA is currently compiling a template for firms to send to their customers. It will explain the risks of holding money with EMI-licensed firms, and is set to land sometime this week.
Craddock thinks this FCA notice “has the potential to unsettle consumers of e-money companies”. Sources have also cited worries to FinTech Futures over the FCA’s letter as an example of it “bullying the little guys”.
Reaffirms validity of A2A payments
Whilst this deadline is set to impact card-based e-commerce transactions, Jack Wilson – TrueLayer’s policy and regulatory affairs head points out that open banking payments have been SCA compliant since 2019.
“This latest delay highlights the complexities of introducing the extra security measures when using cards as a payment method,” he explains.
Open banking-powered payments skip the card network entirely. And, as Wilson highlights, are already more secure and have been for some time.
Leon Muis, chief business officer at Yolt Technology Services (YTS) – another open banking provider prominent in the UK – echoes this.
He points out that account-to-account (A2A) payments mean “less chance of dropouts”. They also remove the card transaction fees, which have traditionally put additional pressure on merchants’ bottom lines.
Hence, in time, he – like many others – anticipates SCA will only push more merchants to open banking payment solutions over card-based ones.
Read next: FCA demands UK fintechs clarify non-bank status to customers