Research and reports
Does your business sell online? New regulations coming into force mean customers will need to take extra steps to confirm their identity during online transactions.
From 14 March, customers using a credit and debit card to buy online may need to give two forms of identification to their bank under new Strong Customer Authentication (SCA) rules. Find out what this means for your small business.
Strong Customer Authentication is new regulation for online transactions under the EU’s Payment Services Directive (PSD2).
It applies to transactions in the European Economic Area (EEA) and the UK and is designed to check your customers are who they say they are.
These extra security checks were due to come in a year ago, but roll-out was delayed to give businesses more time to prepare.
Ultimately these checks are to support businesses and consumers with the rising threat of fraud and cyber crime. But you could also see a rise in customer transactions getting declined as it adds an extra layer of complexity to their online shopping experience.
If you’re an ecommerce business or online shop then you’ll be used to taking online payments or saving customer card details.
Specifically, the new security checks apply to:
Lower value transactions – EU rules say transactions below €30 (£25) should continue in the way your customers are used to and won’t need these extra checks.
Direct Debit transactions – these are considered as authorised by the merchant and taken with pre-approved consent from the payer, so won’t be affected by SCA rules.
Certain secure corporate payments – for example payments through controlled corporate travel management systems.
Make sure your card payment machine is using the latest software and compliant with the new rules.
These machines are designed to follow industry regulations, and Chip and PIN already provides the layer of security needed for SCA. However, it’s a good idea to check with your bank or provider that your system is up to date so you don’t run into any issues.
A customer may be prompted to show additional identification for their bank to approve online transactions, for example through:
It’s important to be ready for the new rules as any issues could result in customer transactions getting declined. Here are a few things you can do to help your business prepare:
Contact your business bank or company that provides checkout services on your website – they should be able to automatically apply the SCA changes, and flag any transactions that the rules won’t apply to.
Make the journey as smooth as possible for your customers – your bank may also be able to help identify certain payments that may not need SCA.
Use the latest version of 3DSecure – 3DSecure authorises card transactions for online transactions (although there are alternative solutions available). Make sure your integration with your site is using the latest version (3DSecure v2) as this is compliant with SCA rules and is compatible with mobile devices.
Businesses that don’t comply with the new rules by 14 March may be monitored by the FCA.
Still have questions about the roll-out and what it means for your business? UK Finance has more information on SCA for merchants.
Is your business ready for the new SCA rules? Let us know your experience in the comments.
Catriona Smith is a content and marketing professional with 12 years’ experience across the financial services, higher education, and insurance sectors. She’s also a trained NCTJ Gold Standard journalist. As a Senior Copywriter at Simply Business, Catriona has in-depth knowledge of small business concerns and specialises in tax, marketing, and business operations. Catriona lives in the seaside city of Brighton where she’s also a freelance yoga teacher.
We create this content for general information purposes and it should not be taken as advice. Always take professional advice. Read our full disclaimer
6th Floor99 Gresham StreetLondonEC2V 7NG
Sol House29 St Katherine's StreetNorthamptonNN1 2QZ
© Copyright 2023 Simply Business. All Rights Reserved. Simply Business is a trading name of Xbridge Limited which is authorised and regulated by the Financial Conduct Authority (Financial Services Registration No: 313348). Xbridge Limited (No: 3967717) has its registered office at 6th Floor, 99 Gresham Street, London, EC2V 7NG.