
Optimising the Checkout Flow - Frictionless Authentication and SCA

Published 26/10/2020

Frictionless Authentication and SCA

PSD2 is legislation introduced by the European Banking Authority to make payments more secure in Europe and to help banks adapt to new technologies in the online payment sector. As part of this, a new set of requirements consisting of an additional security step was introduced last year to improve protective measures whilst keeping the customer experience as smooth as possible.

This set of requirements is known as Strong Customer Authentication, or SCA. This further layer of security authentication is required for online transactions, meaning customers will have to provide an additional form of identification alongside their credit or debit card information. While the original deadline for implementing SCA for merchants was 14 September 2019, the FCA announced in April 2020 a further delay of enforcement until 14 September 2021 in the UK to help merchants impacted by Covid-19. For merchants based in the rest of the European Economic Area (EEA) and those who process cards issued in the EEA with a European acquirer, the date for full SCA implementation is 31 December 2020.

As part of SCA, a new frictionless process has been introduced to allow customers to benefit from a more seamless payment experience. Through real-time transaction evaluations and only seeking further authentication for a smaller number of payments that appear to be risky, card issuers can prevent friction within the online checkout process.

Through frictionless authentication, it is expected that a staggering 95% of all transactions will require no cardholder authentication, which means that only 5% of transactions are considered higher risk. This can significantly improve the user experience, with faster payment times leading to increased conversion rates. Businesses can also benefit from lower losses through stable fraud levels and measures taken to calculate transaction risks.

In order to comply with new SCA requirements, 3D Secure 2 introduces a new Frictionless Flow process as one form of authentication. This allows issuers to approve transactions without needing manual input from the customer.

This process occurs through Risk-Based Authentication or RBA. RBA is the process of determining the risk attached to a certain payment and whether the customer should be additionally challenged with authentication steps. These risk-based elements can include information such as the value of the transaction, customer behavioural history, device information and whether the customer is new or existing.

This is combined with two-factor authentication, which requires users to provide information as an additional security step. This can include information from three key factors:

- Knowledge - Something the customers know such as a PIN or password

- Inherence - Something the customers are, such as a fingerprint, eye scan or voice recognition

- Possession - Something that the customers own or have, such as a mobile phone, card reader or a One-Time Password (OTP)

Thresholds for frictionless flow transactions

Frictionless flow for remote card transactions can exist as a part of SCA. This includes:

| Transaction Size | Frictionless Flow |
| --- | --- |
| Transactions up to €500 | Frictionless flow allowed if acquirer’s fraud rate is less than 0.01% |
| Transactions up to €250 | Frictionless flow allowed if acquirer’s fraud rate is less than 0.06% |
| Transactions up to €100 | Frictionless flow allowed if acquirer’s fraud rate is less than 0.13% |

 

Optimising the checkout flow to improve user experience

1. Ensure you are using the latest version of 3D Secure. 3DSv2 introduces frictionless authentication and low friction challenges supported by mobile-friendly authentication and biometric verification for a more streamlined experience.

2. Optimise user experience by simplifying the checkout flow and challenge journey. This will speed up the checkout process, which translates into better customer service and improved customer retention.

3. Identify and correctly flag out-of-scope transactions that do not require SCA, for example merchant-initiated transactions (MIT). This is where the initial transaction has been authenticated by SCA and the shopper has agreed to Ts and Cs that allow you to use their stored credential for subsequent payments when they are not in-session.

4. Utilise fraud screening tools as a pre-authorisation check to manage your fraud score – this will improve your chances of obtaining a TRA exemption which will help to filter out low risk transactions.

5. Take advantage of the various exemptions available to merchants to minimise friction and the need for a challenge with low value, recurring or repeat transactions.

6. Build cardholder confidence and improve conversion by signposting that payments are secured by 3DS with appropriate card scheme branding, making shoppers aware that additional security steps may be required ahead of the checkout journey.

7. Prepare for any potential user problems associated with challenge flows and offer optimal customer service and support all year round.
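
The threshold table and steps 3 and 4 above, combined into one pre-authorisation routing check. This is an added example, not Opayo code or part of any 3D Secure API; the function names, route labels and sample payments are hypothetical, and the issuer can still ask for a challenge after its own risk evaluation.

```python
from decimal import Decimal

# (maximum amount in EUR, fraud rate in percent the acquirer must stay below),
# copied from the threshold table on this page, highest band first.
TRA_BANDS = [
    (Decimal("500"), Decimal("0.01")),
    (Decimal("250"), Decimal("0.06")),
    (Decimal("100"), Decimal("0.13")),
]


def max_frictionless_amount(fraud_rate_pct):
    """Largest amount (EUR) eligible for frictionless flow at this fraud rate, or None."""
    rate = Decimal(str(fraud_rate_pct))  # Decimal avoids float drift at the boundaries
    for limit, ceiling in TRA_BANDS:
        if rate < ceiling:  # "less than": a rate equal to the ceiling does not qualify
            return limit
    return None


def sca_route(amount_eur, fraud_rate_pct, merchant_initiated=False):
    """Return (route, reason) for one payment."""
    if merchant_initiated:
        # Step 3: the first payment carried SCA, later MITs are out of scope.
        return ("out_of_scope", "merchant-initiated on a stored credential")
    limit = max_frictionless_amount(fraud_rate_pct)
    if limit is not None and Decimal(str(amount_eur)) <= limit:  # "up to" is inclusive
        return ("request_tra_exemption", f"within the EUR {limit} band")
    return ("challenge", "no band covers this amount at this fraud rate")


# Constructed sample payments: (amount EUR, acquirer fraud rate %, merchant initiated)
SAMPLE = [
    (480, 0.008, False),
    (480, 0.05, False),
    (100, 0.13, False),
    (900, 0.20, True),
]


def route_batch(payments):
    """Route labels for a list of payments, in order."""
    return [sca_route(*p)[0] for p in payments]


if __name__ == "__main__":
    for payment in SAMPLE:
        print(payment, sca_route(*payment))
```

The second and third sample rows show the two boundary effects: the same €480 payment loses the exemption once the fraud rate leaves the 0.01% band, and a rate of exactly 0.13% qualifies for no band at all.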

Conclusion

With the world of online payments changing rapidly, new measures have been taken to ensure that three main groups benefit from frictionless authentication: the card issuers, the merchants or acquirers and, most importantly, the customers.

Opayo is one of the UK’s most trusted payment service providers, helping businesses grow and accept payments from customers in the most efficient and reliable way possible. With two decades of experience in understanding the needs of businesses and customers, we provide a service that is completely smooth and personalised to help you in any way that we can.

For more information on SCA or to further understand Authentication v Authorisation, take a look at our online articles for advice. Alternatively, if you would like to discuss frictionless authentication with a member of our team or to learn more about our products and services, please contact us on 0191 479 5922.