What we need to know about the new EU rules on e-commerce payments

Digital business sales in Western Europe will grow at a compound annual rate of 17 percent between 2018 and 2022, reaching $1 trillion by the end of 2022, according to 451 Research’s global business forecast.






The rapid expansion of the market presents exciting opportunities, but it also has downsides.

Fraudsters are increasingly turning to online channels, driving demand for improved risk management and strong customer authentication in the e-commerce market.

As a result, European regulators have chosen to address the increasingly complex problem of digital commerce fraud through Strong Customer Authentication (SCA), with the aim of reducing fraud by enforcing more uniform and rigorous authentication methods.

What is SCA? What does that mean?






In November 2015, the EU adopted the revised Payment Services Directive (PSD2). From September 14, all companies in the EU will have to comply with the directive, one aspect of which is SCA (Strong Customer Authentication).

SCA (Strong Customer Authentication) is a rigorous user authentication mechanism.

SCA is being introduced in the European Economic Area (EEA) as part of the amended Payment Services Directive (PSD2) legislation.

It applies to customer-initiated purchases that take place in Europe, as long as the cardholder's issuing bank and the merchant's payment provider (such as the acquirer) are both located within the European Economic Area.

According to SCA regulations, e-commerce transactions in Europe must be validated with two separate forms of authentication, starting September 14, 2019.



SCA aims to minimize the risk of fraudulent transactions and make online payments safer. The measure will change the way more than 300 million European consumers pay online.

As the deadline approaches, internet companies need to be prepared to meet their obligations. In practice, the SCA rules mean that European consumers will need to use two-factor authentication (2FA). Essentially, a second factor, such as a password or fingerprint, is required before the transaction is completed. If an e-commerce business does not implement these changes, the bank will automatically reject payments that are not SCA compliant.

Circumstances in which exemptions may be granted



There are some exceptions to these measures. Regular direct debits, which are considered to be initiated by merchants, are not affected by the rule. Similarly, contactless payments and personal credit card payments can also be exempted. If a customer buys from a merchant on a regular basis, the first purchase may require 2FA. In subsequent purchases, however, the customer will be whitelisted and there is no need to repeat the process.

Purchases of less than EUR 30 are exempt from SCA. However, once five transactions below EUR 30 have been made, or the total value of these transactions reaches EUR 100, SCA will be required. At that point, SCA is applied and the "transaction count" is reset.
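The counting rule above can be expressed as a small per-card state machine. The following Python sketch is an added example, not code from any bank or payment provider; the class and function names are hypothetical, amounts are in euro cents, and it assumes that a purchase which brings the running total to EUR 100 is itself challenged and that any applied SCA resets both counters.

```python
from dataclasses import dataclass

LIMIT_CENTS = 3000        # page: purchases of less than EUR 30 are exempt
MAX_COUNT = 5             # page: five low-value transactions
MAX_TOTAL_CENTS = 10000   # page: EUR 100 cumulative value


@dataclass
class LowValueExemption:
    """Per-card counters since SCA was last applied (hypothetical helper)."""
    count: int = 0
    total_cents: int = 0

    def decide(self, amount_cents: int) -> str:
        if amount_cents <= 0:
            raise ValueError("amount must be positive")
        running = self.total_cents + amount_cents
        needs_sca = (
            amount_cents >= LIMIT_CENTS      # not a low-value purchase
            or self.count >= MAX_COUNT       # five exempt purchases already made
            or running >= MAX_TOTAL_CENTS    # assumption: total would reach EUR 100
        )
        if needs_sca:
            # Assumption: any applied SCA resets both counters.
            self.count, self.total_cents = 0, 0
            return "SCA_REQUIRED"
        self.count += 1
        self.total_cents = running
        return "EXEMPT"


def replay(amounts_cents):
    """Run a constructed sequence of purchases through a fresh counter."""
    card = LowValueExemption()
    return [card.decide(a) for a in amounts_cents]


if __name__ == "__main__":
    # Constructed samples: seven EUR 10 purchases, then four EUR 29 purchases.
    print(replay([1000] * 7))
    print(replay([2900] * 4))
```

Because issuers may interpret the thresholds differently, a merchant integration should treat the issuer's response as authoritative and be ready to step up to SCA on any transaction.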

Potential problems

There are 6,000 banks in Europe, and because each bank may draw its own conclusions when interpreting the SCA rules, the results for consumers and merchants may not be consistent. Consumers may be asked to use a range of methods for secondary authentication, from biometrics such as voice, face recognition and fingerprint to a PIN code.

To prepare for the coming digital payments regulations, the payments industry will need to build the right products to handle SCA. Payment service providers, for their part, will need to work with banks to provide a smooth transition, as banks will be primarily responsible for interpreting the SCA rules.

It will be crucial to educate online merchants about the regulations that are being implemented. Currently, only 25% of online merchants understand SCA and their SCA-related obligations. This lack of awareness is particularly acute among smaller e-commerce enterprises.