Get your business SCA-ready for Christmas

Despite the dramatic shift to online shopping, thousands of Irish small businesses risk losing sales by failing to prepare for Strong Customer Authentication (SCA) requirements warns Visa Ireland’s Philip Konopik.

The Covid-19 pandemic has drastically changed the retail landscape in Ireland. Although small businesses across the country were forced to temporarily shut their doors, many were able to stay afloat by adapting their business models – some finding a lifeline by beginning to sell online for the first time.

With experts predicting that these changes in shopping behaviour are permanent, it is crucial that it remains easy to buy and sell online. That said, a new European regulation will be enforced from 1 January next year across almost all of Europe, which, if not adhered to, could make it harder for customers to pay at online checkouts.

“With the right preparation, you can reduce fraud and ensure your hard-earned customers can still pay you easily and quickly”

At Visa, we have been working with banks and companies across the payments industry to help ensure payments can still easily be made. But there are steps you must take to ensure customers can still buy from your website once the regulation kicks in.

The new rules

Strong Customer Authentication (SCA) – part of a broader European payments regulation known as PSD2 and enforced from 1st January 2021 – requires banks to perform additional checks to ensure that a customer is the correct cardholder (and not a fraudster) when making a purchase.

The aim of the regulation is to reduce fraud – making e-commerce more secure and helping consumers to feel more confident as they shop online. However, this process could also mean the shopper needs to take additional steps during checkout – no doubt impacting their payment experience.

Furthermore, payments that don’t meet the requirements set out by SCA, may be declined by banks.

Knowledge is power

You have some power to decide how smooth the checkout experience will be for your customers, and ensure legitimate payments can be approved.

We believe the best way to make sure your customers’ payments support the regulation is to add a piece of technology to your checkout called 3-D Secure (3DS).

Delivered by EMVCo, this technology scans payments as they come through to determine if they seem likely to be fraudulent, and enables banks to ask the customer for more proof of their identity (in line with the regulation).

If you want to make sure your checkout is as smooth as possible, we believe you should use the latest version of this technology, called “EMV 3D Secure”. This version of the technology gives banks more information on a payment, and is more suited to devices like smartphones.

Our data shows that when 3DS has been applied, e-commerce fraud can be reduced by half (Visa data).

What’s more, the fact that implementing 3DS means banks can verify the identity of their cardholder at checkout means that, if fraud does take place, your business could benefit from liability protection. Finally, keeping your online sales secure and avoiding fraud losses could have a positive impact on your profitability.

Implementing it is easy: the company that enables your website to take payments/runs the checkout section of your website – it could be your business bank or a payment gateway, for instance – should be able to “switch on” this technology. That said, this will not happen automatically, so if you want to use 3DS, you must ask.

Identifying every exemption

Once you’ve implemented the technology to deliver SCA, the next way to minimise disruption for your customers is to try and reduce the number of payments that require further steps at checkout at all.

Not every online payment requires SCA – it includes exemptions, and there are some payments that are “out of scope” – where the regulation doesn’t apply. Working with your bank or gateway, you can indicate if a customer’s payment falls under an exemption, and ensure it passes directly through for bank approval.

One exemption, for instance, is that additional checks are not always required for “low value” payments. If many of the products and services you sell are for less than €30, it is worth mentioning this to your bank or gateway.

Challenge or opportunity

Whatever the size of your business, you can be certain that if you sell online, your customers will, at some point, go through additional checks including needing to provide stronger proof of their identity in line with SCA.

To make sure they can, contact the company or bank that provides your website checkout service.

When SCA is enforced it could present either a challenge or an opportunity. With the right preparation, you can reduce fraud and ensure your hard-earned customers can still pay you easily and quickly.

In the current climate, SCA readiness may seem like tomorrow’s problem as you continue to grapple with changing COVID-19 restriction measures. However, it’s critical that you engage with your online checkout provider as soon as possible to make sure you’re ready on time and avoid missing out on sales in the New Year.

Many banks and payment companies will have already started testing the customer checkout experience in preparation for the implementation of SCA from 1 January. Preparing early means you are less likely to experience disruption during the busy December shopping period.

For more information about how Visa is helping businesses maximise sales and rebuild for recovery, or help on how to prepare for Secure Customer Authentication, please visit:

Philip Konopik is the Ireland country manager at Visa, a position he has held since January 2016. He is responsible for Visa’s operations in Ireland, driving growth and development across the market.