Last year it is estimated that £1.2 billion was stolen in the UK through online frauds and scams – 40% of this loss was related to card payments. These figures represent a dramatic increase from previous years and are largely linked to the Covid-19 pandemic, which forced consumers to adopt more digital shopping habits.
While it is likely that these figures will continue to rise for the foreseeable future, legislation is being introduced in an attempt to curb this increase – in March 2022 mandatory SCA was launched. SCA, or Strong Customer Authentication, is a form of 2 Factor Authentication, and is a European regulatory requirement to increase security measures for online payments.
You may have recently noticed these increased measures when making payments online, but essentially SCA requires a customer to prove their identity with a combination of 2 of 3 authentication categories;
- Knowledge – something the customer knows, like a PIN, password or secret phrase
- Possession – something the customer possess, like a phone, smartwatch or smart card
- Inherence – something the customer is, like a fingerprint or facial recognition.
The payment will only be approved if 2 of the above requirements are met, therefore proving the customer’s identity.
While a mandatory requirement, there are a few exemptions. SCA is not required for small transactions, subscriptions or regular transactions, or transactions with whitelisted retailers. Outside of these exemptions, SCA will be required when a customer initiates an online payment or accesses an online payment account.
The majority of online payment providers, such as Stripe and Sage have SCA built in as standard – and they will ensure continued compliance, making it really easy for businesses to stay up to date with any changes in legislation.
The introduction of SCA is set to considerably slow the rate of increase of online fraud, which not only benefits the consumer, but also online businesses too. For businesses the loss from fraud is dramatically lower with SCA, since the liability is shifted from the retailer to the payment provider.
Having only been introduced in March this year, we do not yet know its full impact, however, the early signs show that SCA is having a positive effect on online transactions. Hopefully you now have a better understanding as to why you are being asked to prove your identity on a regular basis! Complying with and supporting SCA is just one more step you can take towards ensuring you stay safe online.