SCA and the Liability Shift
Traditionally, merchants were liable for e-Commerce chargebacks. However, with the new PSD2 SCA (Strong Customer Authentication) regulation, the liability for fraudulent chargebacks will now shift to the card issuer in the majority of cases. This liability shift to the issuer will most commonly occur when the payment has been successfully authenticated through 3D Secure protocols and the card involved is a Mastercard, Maestro, American Express, JCB, Visa, Diners Club International or UnionPay card.
If a merchant has initiated 3D Secure to process online payments, a large number of payments will be protected from fraud liability throughout Europe as long as the issuer has authorised the transaction. This will still apply even if the issuer is unable to support SCA.
However, some merchant banks also require additional confirmation on AVS/CV2 verification before they will consider a liability shift. This will inevitably be down to the agreement that the merchant has with their bank for liability shift cover.
Effective on 17 October 2021, VISA have announced that fraud liability protection for merchants submitting transactions using the older, Version 1 of 3D Secure will no longer apply. This means that all merchants will eventually need to upgrade to 3D Secure V2 in order to take advantage of the liability shift from 2021, so that they are not left vulnerable to chargebacks and the associated costs.
Benefits of the SCA Liability Shift for Merchants
The SCA liability shift can greatly benefit merchants by reducing chargebacks and the costs associated with fraud, shifting the liability to the card issuer in most cases. Unless 3D Secure authentication is performed, merchants are generally liable for fraudulent activity.
By upgrading to 3D Secure Version 2, merchants can reduce their liability towards fraudulent transactions, therefore reducing risk and increasing profitability. Furthermore, the technology upgrade encourages a more positive user experience for customers through frictionless challenges and improved risk-based decisions using cardholder data which in return can lead to the increase of cardholder confidence.
Switching to 3D Secure Version 2 can result in an estimated 5% to 10% of all authentications resulting in the cardholder being redirected to their issuer’s 3D Secure page to complete the two-factor authentication process. Due to this, most authentication requests will have an estimated authorisation rate of 90%, with the liability for unauthorised transactions passing to the card issuer.
Liability shift and Opayo
We at Opayo specialise in aiding businesses to become compliant with the new SCA mandate. From helping you understand PSD2 to make the switch to 3D Secure Version 2, our specialists are available around the clock to offer advice every step of the way.
We would recommend vendors to contact their merchant banks to determine when the liability shift will occur.
There are also several exemptions to SCA that can be requested by the merchant to improve the transaction process. For further information on leveraging exceptions, please take a look at our article. Additionally, please note that when a merchant chooses to apply an exemption, the liability shifts back to the merchant themselves.
One of the UK’s most trusted payment providers, Opayo has helped businesses grow and accept payments across the country. Our team has expertise in all things payment related, from activating 3D Secure to helping you understand how liability protection works.
We offer an exclusive year-round service for merchants, with help and advice available online or by phone. If you have further questions about SCA or how your business can benefit from the new liability shift, feel free to contact us or browse through our alternative SCA articles.