Managing SCA enforcement changes in Europe

2021-06-09
Businesses that have customers in Europe have likely heard about Strong Customer Authentication (SCA) for years, but it’s just becoming a market reality in 2021. SCA requirements are now fully enforced in almost all eligible European countries, signaling a massive shift in the European payment landscape. In Q1 2021, we saw the rate of SCA-authenticated payments in the EU more than double. While these requirements are designed to help reduce fraud and make online payments more secure, they also require significant changes to how you manage your operations and authenticate online transactions.

We’ve built an SCA engine to help you manage this complexity and adapt to changes in enforcement. If you already process payments through Stripe using an SCA-friendly integration, our SCA engine helps you meet these requirements and automatically optimizes each eligible payment.

Stripe processes hundreds of billions in payments volume each year and, as a result, we can identify trends in issuer behavior and factors that negatively impact conversion rates. Here are some of the difficulties with SCA enforcement we’ve seen so far and how our products can help:

Country-specific enforcement rollouts increase operational complexity

The original enforcement date of September 14, 2019 was delayed because both issuers and merchants weren’t ready for the new rules. Even after these delays, the enforcement rollout we’ve seen this year has been highly fragmented. Most countries have their own ramp schedules. For example, the Netherlands started full enforcement in January 2021, and the rest of the European Union is expected to follow by the end of June 2021. Full enforcement in the UK is not expected until March 2022. As a result, a business operating across the UK, France, and the Netherlands would have to manage three parallel sets of authentication logic.

How Stripe can help: Stripe lets you avoid this operational complexity. Our SCA engine is built into our Payments APIs, Checkout, and Billing, and is designed to help you meet SCA requirements and maximize conversion with just one integration. We only request authentication when required by PSD2 or by the cardholder’s bank, adjusting to each country’s enforcement timeline to minimize friction.

Inconsistent 3D Secure 2 performance results in unpredictable authentication rates

3D Secure 2 (3DS2) was introduced in 2020 as a streamlined alternative to the original 3DS standard, and is the preferred way to meet SCA requirements because it can support “frictionless authentication.” However, because 3DS2 is still relatively new, it sometimes results in lower authentication rates than 3D Secure 1, and can be less reliable.

How Stripe can help: To maximize conversion for you, Stripe’s SCA engine dynamically selects the optimal version of 3DS to use based on the issuing bank, which can raise authentication completion rates by as much as 15% depending on the issuer.

Lack of issuer readiness can lead to more declines

During the first several months of SCA enforcement, we’ve seen some issuers unnecessarily decline transactions. When this happens, legitimate transactions that might otherwise have passed an authentication challenge will fail, meaning lost revenue for your business and a poor experience for customers.

How Stripe can help: Stripe’s SCA engine includes issuer-specific logic that can proactively request authentication, helping to recover up to 22% of those declined payments.

We’ll continue to invest in improvements and updates as the SCA landscape changes. To learn more about our SCA capabilities, get in touch, or check out our guide to SCA.