Ensuring UK SCA compliance and minimising customer impact

Payments are key to our e-commerce economy. In this context, enhancing the customer experience and protecting customers from fraud are two key elements required to support the continuous increase in e-commerce spend. For that reason, the implementation of Strong Customer Authentication (SCA) for e-commerce transactions is critical as it represents a key weapon in the industry's fight against fraud.

However, the implementation of SCA for e-commerce is a very complex task, requiring readiness from all parties in the e-commerce payments ecosystem to minimise any customer impact.

An extension on the SCA enforcement date to 14 March 2021 was initially agreed in the UK due to regulatory uncertainty, late guidance on clarifications of critical elements, insufficient or delayed availability of required technology solutions and low awareness among e-merchants. The unexpected development of Covid-19 and its impact on the UK economy and all parties created unforeseen challenges and prompted the need for a further extension.

In recognition of this unprecedented situation, the Financial Conduct Authority (FCA) recently announced a further extension to the enforcement of SCA for e-commerce transactions by six months to  14 September 2021. As part of this announcement, the FCA highlighted the need for the industry to have a clear implementation plan to mitigate the risk of this complex development in terms of customer impact.

UK Finance's SCA Programme has worked, in co-operation with its members and the wider industry, on the development of an industry plan to provide clarity to all e-merchants, gateways, acquirers, issuers, and any other party involved in the e-commerce payment ecosystem to ensure:

  • understanding of the key high-level milestones and the UK industry plans for a SCA Ramp up (gradual and controlled introduction of SCA in advance of the UK enforcement date)
  • that work continues towards SCA readiness by 31 May 2021.

The plan published today is structured in three key phases and focuses on SCA compliance, based on scheme-based payments solutions (i.e. 3DSecure) which are the majority of e-commerce transactions. However, there are other payment solutions in the market which are also SCA compliant, such as those provided through Open Banking or Apple Pay, Google Pay or others.

The three key phases highlighted in the UK implementation plan are:

  • Phase 1 - Development (2020)

The aim is to ensure all parties and specially e-merchants enable support for 3DS and/or correct flagging of transactions send directly via authorisations.

  • Phase 2 - Market Readiness (1 Jan - 31 May 2021)

Implementations from e-merchants and issuers are expected to be completed during this phase. Issuers will start enabling SCA for certain transactions to provide e-merchants with a period of testing and transition which will have minimum impact to the customer's check-out journey.

  • Phase 3 - Full Ramp up (1 Jun - 13 Sep 2021)

A gradual introduction of SCA to provide a period of adjustment and minimise any customer impact by enforcement date. During this period issuers will start checking randomly if e-commerce transactions are SCA compliant, and soft decline them if they are not.

This means that payment service providers, gateways, e-merchants, and technology providers will need to be ready for SCA by the end of May 2021, to avoid any unnecessary declines which will have a detrimental impact on customers.

There is still a lot of work to be done to ensure e-commerce transactions are SCA compliant with minimum customer disruption. UK Finance will continue leading this critical work to ensure that a coordinated approach and monitoring of the significant and multiple industry changes required is in place. UK Finance is committed to delivering the best outcomes for UK customers and the market. The UK is and will remain one of the most sophisticated payment markets in the world, with some of the best anti-fraud tools currently in use. The UK will maintain this view of the fight against fraud by implementing a long-term rollout of compliant SCA solutions. These solutions will deliver the best customer experience, whilst being at the cutting edge of innovative authentication.