On 14 March 2022, the UK introduced Strong Customer Authentication (SCA) for online shopping. The rules, mandated by the Financial Conduct Authority, require a two-step verification process for any online purchase over £25 and have been introduced to clamp down on online fraud.
While SCA is a welcome and overdue step in tackling this problem, it is accompanied by significant challenges for both retailers and consumers.
Shoppers are now required to comply with extra security checks to verify their identity and have been warned to expect delays at online checkouts and an increase in payment failures. This will add significant friction in areas where there is poor mobile signal coverage or where retailers have not adequately prepared.
While the extra few seconds on a purchase should be a small price to pay for increased security, research shows that it has a direct impact on consumer habits. According to data from Barclays, as many as one in three UK consumers give up on online purchases if the security checks take too long.
The rules are already having an impact, with new research from Barclays revealing that UK retailers lost £130m in sales in the first month since the introduction of SCA requirements.
Fail to prepare…
So, retailers unprepared for the requirements and unable to adapt to the changes will face an increase in payment failures and could lose customers.
This is especially true for retailers that rely on card payments but can no longer accept them or have a subscription-based payment model reliant on regular card payments. Transactions where payments are rejected without any explanation are responsible for as much as 20% to 40% of subscriber churn.
UK Finance, the trade association for the financial services industry, has warned online retailers of the need to adequately prepare for SCA. The rules have been several years in the making and were originally meant to be implemented as far back as September 2019.
However, even the most compliant and prepared businesses will still be impacted by SCA. This is partly because some online shoppers will be unwilling to submit to extra security checks, but it is mostly because of the inefficiencies, friction and inconsistency of the current system when it comes to verifying customers’ identity.
A new approach is necessary
What we need is a frictionless model built around a digital identity utility that lets people prove their identity at checkout and securely complete their transactions with just a few clicks. This needs to be a standardised, consistent model, in line with current banking apps, in order to build familiarity and trust with customers.
This model can be built around investments already made (such as Open Banking) and data already held by banks, who hold verified identities for 98% of the UK adult population. Not only would it reduce payment failure rates, but it would also help retailers solve other headaches such as accurate age verification.
Furthermore, a functioning digital identity service would also help tackle the rise in other financial scams such as Authorised Push Payments and so-called ‘romance’ scams.
Such systems already exist elsewhere in Europe. Both Sweden and Norway have used their respective bank-based identity schemes as a way to prove identities and authenticate all kinds of transactions, including online purchases. Both have proved effective and have been widely adopted.
Sweden’s Bank-id launched in 2003 and is now the de facto electronic identification system in the country with 6.5 million active users, which accounts for 94% of smartphone users.
Meanwhile Norway’s BankID scheme has reduced payment fraud from 1% to just 0.00042% of transaction value.
In summary, retailers shouldn’t have to compromise to meet SCA requirements and consumers shouldn’t have to compromise to be secure.
UK banks have verified the identity of the vast majority of the UK’s adult population and the infrastructure to support secure checkouts without introducing new friction for customers already exists. The solution can be implemented, and data can be securely shared by leveraging the investment already made in Open Banking, enabling people to prove who they are quickly and simply. This doesn’t need huge investment or legislative change; it just needs action from the banks and retailers to adopt.
Martin Wilson is CEO of Digital Identity Net
More on cybersecurity from GlobalData:
GlobalData cyber security market forecast & industry insight
GlobalData cybersecurity market forecast & industry insight