Strong Customer Authentication: are you ready for new payment rules?

Preparing for the deadline

When asked about the biggest challenges to SCA readiness, 65% of firms cited the Covid-19 pandemic and 55% a lack of internal resources. On average, research suggests the pandemic has set SCA programmes back by around six months in travel. This appears to have been a substantial blow when the industry was already struggling to meet the new payment requirements.

However, there remain reasons for optimism. A great deal of progress has been made recently: with the new 3DS 2 authentication protocol now available, the industry can at last access the function-rich technology it needs to deliver SCA in a wide variety of scenarios.

Our ’Strong Customer Authentication action plan’ makes a number of recommendations for travel players, outlined below.

Map specific payment flows: the starting point for SCA in travel is to understand and map different payment flows, including payments and technical intermediaries that will likely be required to upgrade systems to make SCA happen.

Migrate to 3DS 2: for e-Commerce payments it’s recommended that travel companies move their direct channels to the latest industry authentication protocol, 3DS 2, which helps prevent fraud while protecting the customer experience. This is also particularly important for travel agents and suppliers involved in ‘multi-merchant’ bookings like package holidays, where 3DS 2 uses ‘dynamic linking’ to significantly improve authentication when multiple suppliers are involved in a booking.

Understand use cases: planning for SCA in travel requires travel agents and suppliers to plot their specific use cases in advance to facilitate key decision making, such as whether a travel agent should become the ‘merchant of record’ or pass the payment to the travel supplier to process. There can be business opportunities for agents that adopt a MoR approach, but ensuring you can perform SCA is critical.

Plan for Merchant Initiated Transactions (MITs): these transactions are critical in travel, allowing the traveller’s card to be charged for cancellations, hotel mini bar or pay by instalment plans when the traveller isn’t present. SCA requires travel suppliers and travel agents to present clear T&Cs for MITs at the time of booking as well as ensuring proof of SCA so MITs can be initiated later in the travel experience.

Collaborate to benefit from exemptions: there are a number of exemptions that promise to ease the impact of SCA in travel, for example, the ‘Secure Corporate Payment’ or ‘Whitelisting’ exemptions. Travel companies will need to collaborate with payments, technology and distribution partners to maximise the application of such exemptions.

Two thirds of the travel payment respondents to our survey believe that SCA will increase abandonment, equating to lost sales. Ultimately, if travel agents and suppliers cannot prove the payer is the rightful cardholder there is potential for transactions to fail. So the message is clear: there is still time for travel players to work together now to prepare for SCA’s introduction across the European Economic Area on 31 December.

The ‘SCA action plan for travel’ report can be viewed here.