Last January, the new European regulation on Strong Customer Authentication (SCA) in online purchasing processes came into force in Spain and other European countries, on a mandatory basis and under full compliance. This legal requirement, in force since 14/9/2019, is part of the second payment services regulation in Europe (PSD2) and is intended to reinforce the security of payments made in online purchasing processes and to combat online fraud.
According to the 2020 Study on Payment Methods and Online Fraud, presented by the Spanish Association of Digital Economy (ADigital), 40% of e-commerce sites in Spain are currently unaware of the mandatory authentication requirements for online shopping transactions. This is a high percentage considering that online fraud continues to grow considerably, in parallel with the increase in e-commerce purchases.
Kaspersky's 2019 report also shows that 2% of online banking transactions were scams, and 16% were suspected cases of possible fraud. Banks often take responsibility for these scams, recovering less than 25% of the defrauded amount, according to a KPMG study.
These figures are surprising if we take into account that 78% of the companies surveyed in the ADigital study declare that their annual fraud rate is less than 0.25%, which represents 12% more companies, compared to 2019, that have implemented an anti-fraud management system, with technology being the ideal solution through the mandatory implementation of new reinforced authentication systems.
Does your e-commerce comply with the new online payment security protocol?
This is the main issue facing many online businesses today, now that the new electronic payment security regulations have come into force in Spain.
The situation requires changes in the authentication process for online payments with credit or debit cards. If these changes are not implemented, the sales of many e-commerce sites would be affected, since banks can reject payments that require SCA authentication.
For this reason, it is important for companies to pay attention to these new requirements to see if their business model is affected, decide which SCA product is best suited for their business, and implement the necessary security changes to avoid declined payments.
How to authenticate your ecommerce store's online payment to comply with SCA?
Through the 3D Secure security protocol, accepted by many European credit and debit cards, or its new version, 3D Secure 2, which offers a better user experience by minimizing friction during the online purchasing process.
Traditional online payment only required two security steps to make the transaction effective: on the one hand, the bank approved or authorized the payment; and on the other, the capture occurred once the charge was made to the card.
With SCA, an additional step is added to the online purchasing process, requiring at least two of the following elements, in order to reinforce the security of online payments:
[Image: SCA required elements]
In this way, the payment process with SCA authentication would be like this:
Authentication: The customer authenticates the payment through 3D Secure.
Authorization: The bank approves or rejects the payment. If approved, it may be held for 7 days.
Retention 7 days: Period from authorization to capture.
Capture: Payment is completed by charging the customer's card.
However, the online business model must be taken into account to see how the electronic payment authentication process can be integrated. Authenticating a purchase in an online store with a single payment and no need to save the customer's card data is not the same as authenticating a purchase from a car rental company, where the payment is captured more than 7 days after authorization and its final amount may vary depending on the application of a discount, change of vehicle category, etc.
Impact of SCA on conversion ratios
According to research by Ravelin, the introduction of the 3D Secure security protocol leads to a 22% drop in the conversion rate compared to the payment process without authentication. Adding more steps to the payment process generates much more friction, causing purchases to be left incomplete, as well as other inconveniences such as users forgetting their passwords.
Faced with this problem, the new version, 3D Secure 2, was created with the aim of reversing the drawback described above: maintaining the level of security while reducing friction and avoiding the abandonment of shopping carts during the payment gateway process. How? By reducing steps or facilitating the process through fingerprint or facial recognition, thus reversing the conversion problems of the original 3D Secure.
Online payments exempt from SCA
Within online commerce and under the new regulations on reinforced customer authentication, there are exemptions for which it is not necessary to implement payment authentication, for example in low-risk purchases, payments under €30, fixed-amount periodic subscriptions, transactions initiated by the online merchant such as direct debits or payments made from saved cards without the customer being online, telephone sales, corporate payments or trusted beneficiaries.
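The payment sequence (authentication, authorization, 7-day hold, capture) and the exemptions listed above can be modelled as a small merchant-side check. This is an added example, not code from the article or from any payment provider; the class, function and label names are hypothetical, and it assumes that a capture after the hold has lapsed, or above the authorized amount, needs a new authorization (the car rental case).

```python
from dataclasses import dataclass
from datetime import datetime, timedelta
from decimal import Decimal
from typing import Optional

HOLD_WINDOW = timedelta(days=7)      # authorization-to-capture period from the article
LOW_VALUE_LIMIT = Decimal("30")      # "payments under EUR 30"

# Exemption categories listed in the article (label strings are hypothetical).
EXEMPT_KINDS = {"low_risk", "fixed_subscription", "merchant_initiated",
                "telephone", "corporate", "trusted_beneficiary"}

@dataclass
class Payment:
    amount: Decimal
    kind: str = "one_off"            # hypothetical label set by the checkout
    authenticated: bool = False      # customer completed 3D Secure
    authorized_at: Optional[datetime] = None

def sca_exemption(p: Payment) -> Optional[str]:
    """Return the exemption that applies, or None if SCA is required."""
    if p.kind in EXEMPT_KINDS:
        return p.kind
    if p.amount < LOW_VALUE_LIMIT:
        return "low_value"
    return None

def authorize(p: Payment, now: datetime) -> str:
    """Authentication comes before authorization unless an exemption applies."""
    if not p.authenticated and sca_exemption(p) is None:
        return "declined: SCA required"
    p.authorized_at = now
    return "authorized"

def capture(p: Payment, capture_amount: Decimal, now: datetime) -> str:
    """Capture only inside the hold window and up to the authorized amount."""
    if p.authorized_at is None:
        return "rejected: not authorized"
    if now - p.authorized_at > HOLD_WINDOW:
        return "rejected: hold expired, authorize again"
    if capture_amount > p.amount:
        return "rejected: exceeds authorized amount"
    return "captured"
```
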