Subscription Merchants Brace For Strong Customer Authentication

Monday, November 1st, 2021

Strong Customer Authentication or (SCA), is a regulatory condition to make online payments more secure and to ultimately decrease payment fraud. SCA provides an extra level of security when “end-customers” make their purchases online. 

In September 2019, SCA was rolled out across Europe as part of the Second Payment Services Directive or (PDS2). 

How Does SCA Work?

SCA offers two-factor authentication to verify the identity of the customers with specific requirements about what makes up true “authentication.”

As part of SCA, there are three legitimate categories of authentication. The three categories are the following:

• Knowledge (only the customer would know): such as a password, PIN, secret fact, or passphrase.
• Possession (only the customer possesses): their mobile phone, smart card or token, or smartwatch.
• Inherence (what the payer is): facial recognition, fingerprint, voice patterns, iris format, and DNA signature. 

In order to complete their payment, the customer must provide at least two of the aforementioned forms of authentication. 

How Will This Affect Subscription Merchants?

In the last few years, subscription services have soared in the UK. According to Zuora.com, 89% of British people have subscribed to at least one subscription service. In the US, $420 billion was spent on subscriptions back in 2015, which was a considerable hike of 95% from the year 2000.

With the rollout of SCA, subscription businesses stand to lose if they do not familiarize themselves with the rules and regulations as well as implement strategic plans to navigate these waters. 

Unfortunately, with more rigorous measures for online security comes a considerable reduction in conversion rates. Peter Robinson, a payments advisor with EuroCommerce, predicts that more than one-third of merchants’ online payments could fail if they do not comply.

PYMTS.com has conducted research that revealed that negative experiences when registering for subscriptions generally equated to the termination of services. For US-based customers, those that have described their experiences as “difficult” or “somewhat easy” are four times more likely to cancel streaming subscriptions. 

Entering payment information seems to be another pain point regularly expressed. Subscribers that are asked to update their payment information more than once a year are more likely to cancel their accounts. 

In theory, recurring subscription payments are protected from “repeated authentication” under the SCA’s merchant-initiated transaction (MIT) exemption. However, it is still mandatory that merchants provide their evidence to their payment service providers (PSPs) that the payments actually qualify as MIT’s. Still, these same providers and even card issuers can simply reject payments as a precaution as they are ultimately responsible for compliance. 

What Can Subscription Merchants Do To Circumvent The Challenges?

Although the SCA regulation will offer an extra layer of security, it will pose new challenges for subscription-based businesses. Conversion losses due to SCA could range between 10% to 33%. For the recurrent payment services market in Europe, which is currently valued at $400 billion, these losses could mean a significant impact. 

However, the rolling out of SCA does present subscription-based merchants with opportunities to more carefully scrutinize their payment flows, determining whether or not their payment options are both secure and aptly suited for subscriptions. 

One solution that has been largely overlooked by subscription businesses is the use of direct debit. This is the preferred method of payment for utilities such as cell phone services and internet throughout Europe. The reason that direct debit is beyond the reach of SCA is due to the minimal fraud risk in comparison to that of credit cards. 

Looking Ahead

As online commerce continues to grow, so does the need for tighter, more robust security measures to protect both customers and merchants. Subscription businesses can face the challenges head-on if they ensure that their payment strategies are safe, efficient, and compliant to remain competitive, not just in Europe, but throughout the world.