Payment Flows

There are certain types of payments that are exempt from SCA.
Thes could be any items in an online store with a value less than €30, fixed amount subscriptions or merchant-initiated transactions less than €30.

To qualify for this exemption, your business must have an agreement with your customer and have them authenticate their card when it’s being saved or authenticate the first payment.

Merchant-initiated transactions are payments made with a saved card when the customer is off-session. An example might be a gym membership, Netflix or Spotify subscription payment.

Any online transactions under €30 is considered low value and could be exempted from SCA. However, the issuers’ bank will request authentication if the exemption has been used five times consecutively or if the sum of exempted payments is more than €100.

So, if a customer buys a shirt online for €28, that transaction will be exempt and SCA is not required. If the same customer on the same website buys another shirt for €28 then its still exempt. But if the customer returns for the 4th time using the same card then the value has exceeded €100 and SCA will be applied.

So even if your online store only sells low-value items, you will face potential issues with returning or multiple purchase/bulk buying customers.

The good news is, there are payment providers that help businesses take full advantage of these opportunities by automatically requesting exemptions.
When exemptions are accepted by your customers’ banks, your customers won’t have to authenticate, minimizing the impact on conversion.

Ecommerce websites or booking websites cannot rely on exemptions and must design their payment flows to authenticate customers when the situation arises.

Any exceptions will be determined by your customers’ banks which is done on a case by case basis, with every bank making their own decision when authentication happens.

Something they know, such as a PIN or Password.

Something they have, such as a smartphone.

Something they are, such as biometric facial features or a fingerprint

This is known as two-factor authentication (2FA) which you may have encountered before.

An example compliant procedure might include a combination of a password (knowledge) and smartphone (possession) with a passcode sent to the user via SMS. Another example might be a password (knowledge) and a fingerprint (inherence).
The exact rules are yet to be clarified until near the date and will be largely determined by the issuers’ bank.

 

Who does SCA affect?

Everyone. (Buyers and sellers)
1. All business owners in the UK and EU that take payments through their website.
2. All customers in the UK and EU that buy products online.

Are there exemptions?

Any online transactions under €30 is considered low value and could be exempted from SCA. However the issuers bank will request authentication if the exemption has been used five times consecutively or if the sum of exempted payments is more than €100.

So, if a customer buys a shirt online for €28, that transaction will be exempt and SCA is not required. If the same customer on the same website buys another shirt for €28 then its still exempt. But if the customer returns for the 4th time using the same card then the value has exceeded €100 and SCA will be applied.

So even if your online store only sells low-value items, you will face potential issues with returning or multiple purchase/bulk buying customers.

But there is an opportunity:

Amongst the disruption and chaos the compliance is causing, there is a great opportunity for forward-thinking companies to stay ahead of the curve and to make better payment process decisions than their competitors.

Every online store is facing the same challenge at the same time. With these tighter online rules affecting transactions.

Those who have thought and analysed their payment process and actioned seamless checkout experiences will have a big competitive advantage against those who are simply waiting for the changes to happen and go with the flow.

It’s almost inevitable that there will be drops in conversion (shopping cart abandonment), its how you adapt to these barriers providing the most frictionless experience for your customers.

Those that do get the frictionless payment process right, may enjoy better sales as customers are swayed by a better, simpler, more user-friendly, e-commerce sites.

It’s this mentality that will see some store owners flourish in the new era of compliance.

What should I do to make my e-commerce store SCA compliant and increase conversions?

Start planning now, this is not a one size fits all solution. Just like GDPR in May last year, SCA is complex and shouldn’t be left to the last minute.

The first steps are to perform a full payment flow audit of your site to discover the friction.

A Payment Flow Audit will make key recommendations and highlight what steps need to be taken and how to be fully prepared.

To request a website audit, click here

What should I do to make my store SCA compliant and frictionless?

Is your checkout/payment process fully optimised?
What can be done to improve conversions?
What's the best way to simplify your checkout?
What can be done to provide a better user experience?
Can you minimise the steps to payment?
Is your business using the most suitable payment processor?

Payment Flow Audit

    Payment flow Audit (Conversion Optimisation):

    Read our Terms and Conditions and Privacy Policy.

    [recaptcha]