Strong Customer Authentication Alphacomm Solutions

The truth about Strong Customer Authentication (SCA)

Strong Customer Authentication is coming and it arrives – bearing headaches – on September 14th 2019. The impending implementation of SCA is part of the revised Payment Services Directive (PSD2) that came into force on January 18th 2018. 

For a refresher on PSD2, check out our article ‘An explanation of the revised Payment Services Directive (PSD2).’

But what is SCA exactly?

The Revised Payment Services Directive (PSD2) outlines that payments are to be made more secure and that platforms need to be open for integration. SCA specifically, refers to the way in which payments are made more secure. As of September 14th, online shoppers will need to verify their identity by sharing two out of three required elements:

  • Something they know (password, pin, secret fact)
  • Something they own (phone, wearable, hardware token)
  • Something they are (fingerprint ID, facial ID, voice ID, retina scan)

Strong Customer Authentication Alphacomm Solutions

Up until this point, the standard tool used to verify the authenticity of online transactions was the 3D Secure 1.0 system (3DS1). To make this stronger form of authentication possible, an update of the 3D Secure system from 1.0 to 2.0 was necessary. So now, along with the introduction of SCA, card schemes are adopting 3DS2 in order to better comply with SCA.

Don’t get lost in the acronym jungle. It’s pretty clear once you see how they are all connected:

  • PSD2 ⇒ A directive outlining the general goal of open banking, data sharing and security
  • SCA ⇒ A requirement of PSD2, stating that two out of three elements are needed for authentication
  • 3DS2 ⇒ The authentication tool that makes compliance with SCA possible

 

SCA adds friction and hurts conversion

So what does SCA mean for business? SCA is amazing because it makes payments secure and gives businesses a leg up in the battle to eradicate fraud. However, you need to be aware of the drawbacks. SCA adds friction to the shopping experience. Users had just gotten the hang of online shopping and now they need to learn new tricks like using biometrics at checkout. There’s no way of avoiding it. European banks will be required to decline payments that don’t meet the SCA standard.

While we’re waiting for 3DS2, let’s look at 3DS1. In April 2019, Ravelin released a shocking report on the effects of 3D Secure. After analysing millions of global business transactions, they found that 22% of payments were lost as a result of using 3DS.

A study by 451 Research suggests the European economy is likely to miss out on €57 billion in the first twelve months after SCA comes into force.

 

SCA exemptions

Luckily, there are various exceptions to the rule. The following are the most common:

Transactions (partly) outside the EEA
For SCA to apply to international transactions, both countries (that of the user and the seller) need to be located within the EEA. In other words, a transaction between a user in the USA and a German eCommerce website is exempt from SCA. However, some European banks might choose to apply SCA anyway.

People often refer to PSD2, GDPR, SCA etc as European. However, Europe is not synonymous with the European Union and the Union doesn’t quite cover it either. SCA applies to all businesses operating within the European Economic Area (EEA). That’s the European Union, plus Iceland, Liechtenstein and Norway. Note that Switzerland is not part of the EEA.

Low transaction value
Moreover, transactions with a value under €30 are exempt from SCA.

Low transaction risk
Issuing banks or acquirers can apply for an exemption for low-risk payments on the basis of Transaction Risk Analysis (TRA). In order to be considered for the exemption, fraud rates for remote card payments need to be between one and six basis points.

Trusted beneficiaries
After completing a payment with SCA, users will increasingly be able to whitelist trusted merchants. The next time a purchase is made, SCA will be bypassed. Whitelisting will become more commonplace as more card issuers start supporting it.

Excluded / Out of scope

The following transactions are excluded from SCA as they fall outside the scope of the regulation:

  • MOTO: Transactions completed over the telephone or via mail order.
  • MIT: Merchant initiated transactions (MIT) like recurring payments or subscriptions.

Frictionless Flow Alphacomm Solutions

Frictionless flow and chargeback liability shift

The Payment Services Directive (PSD2) includes provisions that allow merchants to soften the blow of SCA to the consumer experience. One such provision is ‘frictionless flow.’

Frictionless flow allows SCA measures to be bypassed. In other words, eligible merchants will be able to offer their consumers a checkout experience without any added friction.

Frictionless flow can only be applied to transactions that meet certain criteria; the size of the purchase in relation to the fraud rate of the merchant (acquirer).

For example, for transactions up to €100, frictionless flow is allowed only if the fraud rate is less than 0.13%. For transactions up to €250 and €500, the fraud rate cap is set at 0.06% and 0.01% respectively.

Frictionless flow is very beneficial to eligible merchants as it minimises the risk of cart abandonment. However, the merchant is liable for any chargebacks that occur through frictionless flow.

Still, there is an exception. If and when an issuing bank does not trust a transaction and refuses to grant frictionless flow, the consumer is presented with an authentication challenge. If the consumer passes the challenge, the chargeback liability shifts towards the issuing bank.

 

What can businesses do to soften the blow?

The bottom line is that conversions affect, well, your bottom line. It is of utmost importance that visitors carry out their purchases as intended, regardless of the new authentication measures. To that end, the best thing you can do is be upfront about it.

Own it. Inform your users that you’re proud to offer a secure shopping experience. Tell your customers that checkout is as safe as it can be because of your adherence to the latest standards. Most of all, tell them early, don’t wait until they are at the checkout phase.

Certain payment methods are intrinsically (in and of themselves) SCA-proof, for example, Apple Pay and Google Pay. Both of which already combine the OWN and ARE elements. Using a payment method like Apple Pay therefore automatically reduces the perceived friction.

Finally, the best thing you can do is ally yourself with an expert in the field of payments. Not sure whether your payment transactions meet the SCA standard? Looking for a partner that offers local payment methods that Europeans love and trust? Alphacomm Solutions can help. Let’s get in touch!

 

About the author

Joep van Doornik – Payment Solutions
Product Owner

I’m Joep van Doornik, Product Owner at Alphacomm. I make sure that our services remain cutting edge.


Related articles
Strong Customer Authentication Alphacomm Solutions

EBA Report: Pay attention to cybersecurity and customer education

The European Banking Authority recently released a report in July. In the ‘EBA report on the impact of FinTech on payment institutions’ and E-money institutions’ business models,’  the EBA lists a number of key challenges faced by the payment industry. 

These key challenges include operational resilience and ICT security, operational capacity, regulatory framework, customer education as well as acquiring and retaining talent. In this article, I’d like to take a closer look at two of these challenges and how Alphacomm Solutions is taking them on.

Security

One challenge that stands out in particular, is that of operational resilience and ICT security. Security has always been and will always be a cause for concern. In the realm of eCommerce, fraudsters are quick to adapt their tactics and never stop looking for weaknesses to exploit.

Our lives have moved to the internet and so has our data. Our laptops and smartphones are treasure troves of private information. What complicates matters, is that data is shared with an increasing number of third parties. New regulations like PSD2 also play a part in this development.

The more digitally interconnected our society becomes, the larger the potential consequences of a security breach. The EBA report underscores this fact and foresees an ‘inevitable proliferation of cyber-risk in the payments industry.’

As the share of cashless payment transactions increases, protecting these transactions from prying eyes is becoming an increasingly difficult task.

Alphacomm Payments

Still, online businesses shouldn’t have to bear the risk of fraud. Your payment gateway provider should be confident enough to guarantee all payments. For example, Alphacomm Solutions offers 100% fraud risk takeover. Our SaaS fraud solution includes the automated screening of online transactions, including chargeback protection. It’s also GDPR proof; data is handled properly per EU regulations.

 

Customer education

Another aspect of the EBA report that requires close attention is customer education. The report illustrates a need for more digital and financial literacy among customers. A lack of financial literacy in the digital space can lead to one of two scenarios.

The first scenario is that innovative, forward-thinking, digitally-minded businesses are forced to launch or maintain a physical presence. The other is that less literate consumers end up excluded from participation, as innovators assert the digitally savvy market is large enough to operate in exclusively.

Consumers are not all the same. Businesses should ask themselves if and how they can better inform and educate their consumers as the industry inches forward into a fully digital environment.

Alphacomm Reminders

At Alphacomm, we are aware that not all consumers are equally ‘digital.’ One area in which we see this is payment collection. There are differences in literacy, financial stability, culture and these differences play a role in how a request of payment is handled. Therefore, when it comes to collecting outstanding payments, there’s no such thing as one size fits all.

In 1964, Canadian philosopher and media theorist Marshall McLuhan first coined the phrase, ‘the medium is the message.’ With it, he portends the character of the medium through which content is transmitted is more important than the content itself. It is the medium itself that influences our behaviour. In other words, if the medium is ill-suited to the recipient, the message may be lost.

We have solved this dilemma by developing a payment reminder solution that can be tailored to the preferences of any demographic. From formal letters to WhatsApp chats or complete interactive landing pages that feature multilingual instructional videos and ranging do-it-yourself payment options.

The EBA report

The EBA report is an informative read and goes far beyond the two challenges highlighted in this article. If you feel like tackling the 33-page report over the weekend, visit the European Banking Authority website. To read more about our solutions, visit our payments, top-up and reminders pages.

 

 

About the author

Joep van Doornik – Payment Solutions
Product Owner

I’m Joep van Doornik, Product Owner at Alphacomm. I make sure that our services remain cutting edge.


Related articles
Strong Customer Authentication Alphacomm Solutions

Cold hard cash: a look at the cashless trend in the United States

The cashless trend is global. But as we wrote in a previous article: the impending cash extinction will one day be upon us, it just won’t happen everywhere all at once. In this article, we look at the state of cash in the United States. 

In 2019, the total transaction value of digital payments in the United States stands at $961.5 million. An annual projected growth rate of 8.6% will propel this figure toward $1.3 billion by 2023. But what effect does this have on the popularity of cash?

Shelle Santana, assistant professor of business administration at Harvard Business School collaborated with financial services provider Square to analyse millions of payment transactions in its database. The conclusions are interesting.

More spending on smaller purchases

In 2017, 30% of all payments in the USA were made in cash. While in 2015, 63.8% of American households had a credit card. In 2017, this number increased to 68.7%. More and more Americans have cards. Just like in other countries (with the exception of China), Americans are also using their cards for smaller and smaller purchases.

A comparison between 2015 and 2019 shows a drop from 46% to 37% in the use of cash for transactions under $20. Santana’s research shows that nowadays, half of Americans would use their cards for low-cost purchases.

Pushback

Overall, using cards instead of cash has many benefits. Among other things, it improves financial accountability, makes the shopping experience much faster and improves safety by limiting the amount of cash on store premises. It’s even healthier to use cards instead of cash.

Still, there has been a fair amount of pushback. Many Americans are of the opinion that modern companies shouldn’t have the right to be cashless. One of the arguments used is that cashless businesses discriminate against the less affluent members of society as they are more likely to be dependent on cash and less likely to have access to cards.

Interestingly, some noteworthy companies that had previously declared themselves cashless, have started accepting cash again. Either due to pressure from customers or as the result of legislative measures.

A prime example (pun intended) is Amazon Go. The super modern cashless (and cashierless) stores launched in December 2016, have recently started accepting cash. To shop at Amazon GO, one needs a smartphone. As it turns out, 23% of Americans who earn $30,000 or less, don’t own one and thus cannot participate in the ecosystem.

In the United States, there are cities and states that have taken measures to make sure citizens can always use their physical legal tender. For example, the state of New Jersey and the city of Philadelphia. Both have passed legislation banning cashless businesses. Similar legislation has been proposed in other cities as well.

The times, they are a changin’

Shelle Santana’s research revealed that 73% of small business owners believe that the United States will never be a fully cashless society and 83% said they would never go cashless.

Still, the times are changing. As digital payments continue to grow in both volume and value, and access to smartphones increases, society will continue to inch towards a cashless existence. As Greek fabulist Aesop (621 BC – 565 BC) hinted in his fable ‘Tortoise and the Hare,’ this is a case where, in the end, slow and steady will inevitably win the race. Similarly, the more we transact in the digital space, the more important the need for safe and secure digital payment systems.

What we must take away from the insights cited in this article is that there is a moral responsibility to make sure all individuals can properly participate in the economy and share in the prosperity that digital payment solutions provide.

 

About the author

Joep van Doornik – Payment Solutions
Product Owner

I’m Joep van Doornik, Product Owner at Alphacomm. I make sure that our services remain cutting edge.


Related articles
Strong Customer Authentication Alphacomm Solutions

Auto top-up for prepaid; the benefits of postpaid without the hassle

Auto top-up for prepaid; the benefits of postpaid without the hassle

Each and every mobile credit provider struggles with customer churn. So how do we keep prepaid customers coming back? The answer lies in giving more power to the people. 

Topping up is a tricky moment in the prepaid customer life-cycle. Unlike with postpaid, prepaid users are constantly faced with the question of whether or not they want to pay. When prepaid customers run out of credit, they may choose another provider, switch over to Wi-Fi for an extended period of time.

Automatic top-up = Power to the people

Many people with mobile phones choose prepaid because of the savings and the control it affords them. Many financially conscious consumers are wary of contracts and may not want to enter into a two-year binding agreement with a mobile phone provider.

It is true that some prepaid users, e.g. the elderly or very young, are provided with a phone by someone else. This person carries the responsibility of making sure their loved one can make calls or access the internet.

However, the stereotypical prepaid user or sponsor is aware of her spending habits. She checks her balance on the regular and tends to buy just enough credit to last a couple of days or weeks.

So how do you give a loyal yet financially conscious prepaid user more power? You do so by rewarding her with the choice of opting in for recurring payments, without binding contracts. Automatic top-up is a win for the user as well as the provider. The user is able to top-up automatically without binding commitments while the provider stabilises the prepaid revenue stream.

How automatic top-up works

So how does it work? Automatic top-up is simple. Whenever a user’s credit dwindles below a certain threshold, the credit is automatically purchased. Automatic top-up can also be set up as a recurring payment that occurs on a weekly or monthly date. If there’s no money in the bank account at the time of top-up, there’s no harm done. The user will just have to do it manually, that time.

Since automatic top-up is nonbinding, customers won’t have to stress about whether or not they can afford it and the legal/financial consequences thereof. Moreover, unlike with a postpaid contract, prepaid users with automatic top-up never have to worry about out-of-plan charges.

 

Auto top-up for prepaid; the benefits of postpaid without the hassle

Get to know your customers

The direct monetary benefit is obvious. If prepaid customers opt-in for automatic top-up, that translates into a more stable stream of revenue and a higher ARPU overall. But what about other benefits?

One of the main differences between prepaid and postpaid customers is there’s a wealth of information on the latter and little on the former. Prepaid phone users are generally anonymous. The person who originally bought the sim card might not be the person using it.

Not knowing how your customers think will lead to ill-informed business decisions. If you don’t know who your customers are, how are you ever going to reward them or make them personalised offers?

Making prepaid customers more postpaid-like is a surefire way of bringing anonymous users in from the shadows. Registering for automatic top-up gives your customers the opportunity to provide you with valuable marketing insights like demographic data and behavioural context.

Nowadays customers value convenience above anything else. Improve customer loyalty by treating them like royalty. Give them the tools necessary to lead easier lives and in return, they will become better customers.

 

About the author

Alper Altan – Reload Services
Business Development Manager

I’m Alper Altan, Business Development Manager at Alphacomm Solutions. I make sure that Alphacomm maximizes profit on existing customers as well as new business.

More about Alper »


Related articles
Strong Customer Authentication Alphacomm Solutions

Why the Libra just might succeed

Facebook recently announced the launch of a brand new cryptocurrency. The new currency, which is slated to go into circulation in the first half of 2020, will allow users to own and transfer money without the need for a bank account.

Libra’s mission is to enable a simple global currency and financial infrastructure that empowers billions of people. (Facebook, 2019)

What’s in a name?

The unit of currency is called “Libra.” The name choice is interesting. Ancient Romans used the Libra as their currency. The Libra currency of old Rome was based on a unit of weight (12 ounces). The Libra, in fact, is the precursor of the pound. Libra, in Latin, also means balance or scales.

Obviously, the name is no accident. Smart people spent some time doing research before coming up with it. Still, many folks in Australia are a bit less enthusiastic. After the announcement, some were quick to point out that Libra is the country’s number one brand of sanitary pads. Others have pointed out that the Calibra logo is basically the same as that of a popular digital bank.

The name isn’t exactly original either. In 2017, the Libra Credit, a crypto coin known as LBA, was launched by the Libra Foundation. The Libra Foundation was founded by former PayPal executives. It was launched as part of a blockchain-based decentralised lending platform. Today, its LBA coin is still under active development. However, after undergoing a name change in 2018, LBA currency is now referred to as Cred rather than Libra Credit.

Why the Libra is not going to fail

Two of the major issues facing cryptocurrencies are ease of access and stability of the currency. For the Libra to be a success, it will require mass adoption from the start. People who want it should be able to get it easily and have the peace of mind the Libra will remain stable for quite some time to come.

Access won’t be an issue. The Libra will be available in Messenger and WhatsApp as well as in a Calibra wallet (standalone app). Messenger and WhatsApp are used by 1.6 billion and 1.3 billion users respectively. The mobile app, a digital wallet named Calibra, will allow users to transfer Libra to any other smartphone user.

The stability of the Libra is maintained by a reserve that administers real assets. Every Libra that is minted, is backed by a basket of short-term government securities and bank deposits.

In other words, Libra is accessible, stable, and thanks to the backing of global players and institutions, it’s also scalable.

Don’t equate Libra with Bitcoin

Bitcoin and Libra both make use of blockchain technology. Still, an interesting difference between the likes of Bitcoin and Libra is that the latter plans to play nice with regulators. Libra, unlike most cryptocurrencies, is highly centralized and goes againt the spirit of what early pioneers like Bitcoin creator(s) Satoshi Nakamoto intended. Bitcoin was never meant to be regulated by financial institutions. Bitcoin along with many other altcoins that followed were launched on the basis of complete independence from regulation and total anonymity.

In many places around the world. this has led to the banning or restricting of (trading in) cryptocurrencies.

Libra, on the other hand, will be a product of the current financial system and live by its rules. In the short term, this means a quick rollout, fewer technical or regulatory hurdles and a shorter path to mass adoption.

It remains to be seen whether or not a successful launch of the Libra will normalise the ‘concept’ of blockchain technology and in so doing help bring cryptocurrencies like Bitcoin or the lesser known Ether, and Monero out from the fringes and into the mainstream.

Who’s behind the cryptocurrency?

Perhaps, the main reason why the Libra is going to succeed, is the awe-inspiring list of names behind it. The Libra is managed by the Libra Association. It’s members, are companies that have all paid 10 million dollars or more to be considered its ‘founding members.’

At time of writing, this list of Founding Members includes companies in payment (Mastercard, Paypal, PayU, Stripe, Visa), marketplaces (Booking, eBay, Facebook, Farfetch, Lyft, Spotify, Uber), telecom (Vodafone, Iliad), blockchain technology (Anchorage, Bison Trails, Coinbase, Xapo) as well as venture capital (Andreessen Horowitz, Breakthrough Initiatives, Ribbit Capital, Thrive Capital, Union Square Ventures) and nonprofits or education organisations (Creative Destruction Lab, Kiva, Mercy Corps, Women’s World Banking).

Okay, if you’re into science fiction movies, you might have questions. A new global currency, launched by private multinational corporations, with a goal of introducing access to banking to 1.7 billion new users around the world? Let me address the underlying question. Do they own the money? No.

The Libra blockchain makes use of distributed governance. In a nutshell, this literally means that no single entity owns or controls the network. The fact that it’s built on open source code, means that developers, researchers and enthusiasts will be able to keep a close eye on it and monitor for security issues.

The Libra Association is an autonomous, nonprofit organization based in Geneva, Switzerland. Why Switzerland? Well, it’s a neutral country for starters and has been for centuries. It’s also very friendly towards blockchain technology and its related startups.

According to the Libra whitepaper, the goal is to have around 100 founding members by the time the currency launches.

So what does this mean for your business?

If you run an international e-commerce platform, it means you’ll end up accepting payments in an additional currency. Currency conversion isn’t something you generally need to lose any sleep over. As long as your payment gateway is properly set up to handle it, your clients will continue to buy from you and praise you for being quick to offer the latest payment methods. So, if you’re a global player in affordable goods or services, congratulations, your potential market is about to expand.

If you develop and sell (financial) services, things are about to get interesting. Developers, consumers and businesses will all be allowed to create and launch their own products on top of the Libra blockchain.

At Alphacomm Solutions, we’re going to be keeping a close eye on Libra. As always, you’ll be able to count on us to assist you when the time comes.

More than a billion people are about to join the digital economy. What are you going to do about it?

 

About the author

Alper Altan – Reload Services
Business Development Manager

I’m Alper Altan, Business Development Manager at Alphacomm Solutions. I make sure that Alphacomm maximizes profit on existing customers as well as new business.

More about Alper »


Related articles
Strong Customer Authentication Alphacomm Solutions