Strong Customer Authentication: Ready or not, here it comes!

We’re rapidly approaching the introduction of regulations designed to significantly reduce electronic payment fraud in Europe, known as ‘Strong Customer Authentication’ (SCA). Yet new research with airlines and travel agencies shows significant work remains if the travel industry is to be ready for this major change, with only one in three travel merchants expected to be ready by the 14 September deadline. We see this as an opportunity for the whole industry to work together to combat fraud, benefitting travelers, merchants and the banks.

SCA mandates all electronic payments in Europe be subject to two-factor authentication, meaning travelers must complete additional steps to authenticate the transaction before payment is accepted. Introducing additional checks should help tackle Europe’s €1.8 Billion of card not present fraud, making it much harder for someone to use your card to make a purchase. The additional checks will ensure travellers feel more empowered and confident when making payments. So, what’s not to like about SCA?

While the objectives of this new regulation are admirable, it’s clear SCA poses risks for travel merchants, not to mention implementation challenges. Chiefly, requiring travelers to undergo additional checks, such as providing a one-time passcode sent to their mobile device, introduces some friction to the digital experience. This may sound like a small price to pay but our research shows the industry expects this additional friction to increase abandonment rates by 10-20%. What will the actual impact be? In our view any drop in abandonment rates should be a relatively short-lived phenomenon as travelers adapt to the new steps required of them, which they’re actually already performing for mobile banking for example.

Another concern amongst the e-Commerce community is the potential for a cliff edge. Card issuers are responsible for applying SCA to a particular transaction, yet many other players including acquirers and merchants themselves must upgrade systems so they are capable of handling two-factor authentication. If that doesn’t happen, and an issuer therefore cannot request a traveler performs SCA, they may simply reject the payment.

Fortunately, the above scenario does now appear less likely given many local regulators across Europe have introduced a grace period for SCA compliance for e-commerce transactions over recent weeks, kicking the cliff edge moment down the road. The fact this has been necessary highlights how much work is still to be done and that the travel industry must remain focused.

In my view, the best way to step up to this challenge is to harness the technology that is rapidly developing to support SCA. 3DS 2.X solutions are changing the game by allowing ever greater data sets to be analysed for fraud, by improving the authentication experience on mobile devices, and by introducing biometric authentication.

With 65% of airlines and agents expecting SCA to negatively impact sales, how travel companies prepare has implications for the bottom line. There are steps firms can take to mitigate the impact of SCA, with 70% of respondents to our research intending to work with their acquirer and payments partners to apply the various exemptions provided for within the regulation and more than half signalling a move to the latest authentication technology (3D Secure 2.X).

Despite the current concerns and the hard work ahead it’s my firm belief that the sky isn’t going to fall in on 14 September. Travel commerce will continue, payments will be accepted and people will still be traveling. Our industry will step-up to this challenge as it has done with other industry-wide change programmes such as e-ticketing, and as it is currently doing with NDC. With the recently announced grace periods, travel now has the breathing room to get this right.

At Amadeus, we strongly advocate greater collaboration to support SCA across the travel industry. For our part, we recently announced a partnership with CyberSource, Visa’s payment management platform, to bring its leading authentication technology to the travel industry. It’s also worth remembering that the more proactive firms are in navigating the complexity of SCA, the more able they will be to accept payments, putting them at a competitive advantage.

I encourage you to read our new report ‘Strong Customer Authentication in travel payments’ to learn more about how the industry is balancing fraud prevention and friction-free commerce.