Remaining EU members will introduce the new SCA regulation by December 31, 2020. At the moment, online businesses are not prepared to implement this new regulation due to its complexity.
Next September 2019, SCA (Strong Customer Authentication) will be introduced as part of the European Directive PSD2 (Second Payment Services Directive), which regulates the security standards for payment transactions.
The SCA will be applied to payment transactions within the EEA (European Economic Area) and will require final customers to provide an additional authentication step at checkout. Final customers will need to present at least two of the following three elements: something the customer knows (a PIN), something the customer owns (a credit card) and something the customer is (a fingerprint or facial recognition, for example). From September 14, 2019, transactions not meeting with the SCA requirements will be declined.
The aim is to reduce fraud and make online payments more secure, but comply with the SCA and balance the user experience will be a great challenge for some sectors, especially the travel one.
In the travel sector, many transactions are not paid at the time of checkout, where it will be easy to authenticate the customer. Customers usually save their payment details and pay when checking-out of the hotel, in some cases after months from when the first transaction was done. The complexity of the payment flow and the multiple actors involved in the process make the SCA a challenge for the sector.
That is why SCA and the PSD2 Directive were the main topics of a panel at the baVel Travel Summit, organized by Voxel Group and held in Barcelona last 22nd and 23rd of May. Experts participating in the panel – OTA’s, hotels and payments technology representatives – agreed on the uncertainty that this new requirement is generating to companies.
“There is a lot of uncertainty, split in multiple angles, and especially it sits with the implementation of the SCA”, explained Head of Product Marketing & Payments Business at Booking.com, Morten Larsen. From the hotels perspective, Credit & Insurance Senior Director at Meliá Hotels International, Gaspar Llabrés shared the opinion that the SCA puts them in a complex scenario. “We are waiting for final technical documentation from the processors in order to know exactly what we have to develop and what we have to set up”. On the other hand, payment processors are also complaining about the lack of information. “There’s been a lack of specificity on how we have to apply this regulation from a financial point of view”, affirmed Board of Directors at HEDNA and CEO at XanderPay, Mike Carlo.
According to Edgar & Dunn Company, the consultancy firm for payments and digital financial services, the SCA will not only be a technical issue for businesses, but it will directly affect the guest experience. “The SCA should be included in the commercial strategy, as it will affect the core business and it could potentially reduce conversion rates”, explained Director at Edgar & Dunn Company, Pascal Burg.
Booking.com stated that the main problem comes from the lack of information and communication of this initiative. “We work with a lot of independent accommodation partners, all the way from guest houses to small independent hotels. Our next challenge is to educate this type of accommodation partners about such a complex regulation, as they don’t even know this is coming soon”.
The SCA will come into force September 14 in Europe, but its implementation will be at a national scale. “It will be interesting to see if they will have a soft or hard enforcement depending on the country”, pointed Larsen. At the moment, it is not known the real impact of the SCA, but the different parties agree on the importance of businesses talking to their acquirers to get a better understanding of the regulation, its impact to their business and in order to maintain their conversions.