View all newsletters
Receive our newsletter - data, insights and analysis delivered to you
  1. Comment
June 13, 2022

Improving cybersecurity: new SCA rules will reduce fraud, but at what cost to retailers?

Extra security checks for online purchases will reduce fraud but they could also cause e-commerce chaos for unprepared retailers unless a new frictionless approach to verification is adopted, says Martin Wilson

It is estimated that more than 5.1 million cases of online fraud are reported every year in the UK at an annual cost of £367million – roughly equivalent to more than £1m a day in losses.

Free Whitepaper
img

Never Trust, Always Verify: Is Zero Trust the Next Big Thing in Cybersecurity?

Cyberattacks continue to rise every year and no sector seems to be immune. Hackers target sensitive information such as organizational, client, and financial data, as well as intellectual property (IP) and proprietary functions. As digital transformation becomes a top priority for many organizations, traditional perimeter-based security models are no longer sufficient to address the growing cybersecurity concerns. Against the backdrop, enterprises explore zero trust as it takes a micro-level approach to authenticate and approve access at every point within a network. Reasons to read: The cybersecurity landscape is swiftly changing, and businesses need more awareness to meet the evolving change. The report highlights the current state of play and the future potential of the zero trust approach in cybersecurity to protect critical digital infrastructure of enterprises across sectors such as financial services, healthcare, telecom, and transportation, among others. Read our report and gather insights on the following topics:
  • Traditional vs zero trust protection
  • Key advantages and solution providers
  • Major industries and key players
  • Drivers and challenges
  • Top funded startups and Mergers & Acquisitions
  • Implementation challenges
by GlobalData
Enter your details here to receive your free Whitepaper.

On 14 March 2022, the UK introduced Strong Customer Authentication (SCA) for online shopping. The rules, mandated by the Financial Conduct Authority, require a two-step verification process for any online purchase over £25 and have been introduced to clamp down on online fraud.

While SCA is a welcome and overdue step in tackling this problem, it is accompanied by significant challenges for both retailers and consumers.

Shoppers are now required to comply with extra security checks to verify their identity and have been warned to expect delays at online checkouts and an increase in payment failures. This will add significant friction in areas where there is poor mobile signal coverage or where retailers have not adequately prepared.

While the extra few seconds on a purchase should be a small price to pay for increased security, research shows that it has a direct impact on consumer habits. According to data from Barclays, as many as one in three UK consumers give up on online purchases if the security checks take too long.

The rules are already having an impact, with new research from Barclays revealing that UK retailers lost £130m in sales in the first month since the introduction of SCA requirements.

Fail to prepare…

So, retailers unprepared for the requirements and unable to adapt to the changes will face an increase in payment failures and could lose customers.

This is especially true for retailers that rely on card payments but can no longer accept them or have a subscription-based payment model reliant on regular card payments.  Transactions where payments are rejected without any explanation are responsible for as much as 20% to 40% of subscriber churn.

UK Finance, the trade association for the financial services industry, has warned online retailers of the need to adequately prepare for SCA. The rules have been several years in the making and were originally meant to be implemented as far back as September 2019.

However, even the most compliant and prepared businesses will still be impacted by SCA. This is partly because some online shoppers will be unwilling to submit to extra security checks, but it is mostly because of the inefficiencies, friction and inconsistency of the current system when it comes to verifying customers’ identity.

A new approach is necessary

 What we need is a frictionless model built around a digital identity utility that lets people prove their identity at checkout and securely complete their transactions with just a few clicks. This needs to be a standardised, consistent model, in line with current banking apps, in order to build familiarity and trust with customers.

This model can be built around investments already made (such as Open Banking) and data already held by banks, who hold verified identities for 98% of the UK adult population.  Not only would it reduce payment failure rates, but it would also help retailers solve other headaches such as accurate age verification.

Furthermore, a functioning digital identity service would also help tackle the rise in other financial scams such as Authorised Push Payments and so-called ‘romance’ scams.

Such systems already exist elsewhere in Europe. Both Sweden and Norway have used their respective bank-based identity schemes as a way to prove identities and authenticate all kinds of transactions, including online purchases. Both have proved effective and have been widely adopted.

Sweden’s Bank-id launched in 2003 and is now the de facto electronic identification system in the country with 6.5 million active users, which accounts for 94% of smartphone users.

Meanwhile Norway’s BankID scheme has reduced payment fraud from 1% to just 0.00042% of transaction value.

In summary, retailers shouldn’t have to compromise to meet SCA requirements and consumers shouldn’t have to compromise to be secure.

UK banks have verified the identity of the vast majority of the UK’s adult population and the infrastructure to support secure checkouts without introducing new friction for customers already exists. The solution can be implemented, and data can be securely shared by leveraging the investment already made in Open Banking, enabling people to prove who they are quickly and simply. This doesn’t need huge investment or legislative change; it just needs action from the banks and retailers to adopt.

Martin Wilson is CEO of Digital Identity Net

More on cybersecurity from GlobalData:

Top trends impacting cybersecurity in 2022

Why does cybersecurity matter for businesses?

What is a cyberattack?

Cybersecurity threats in aviation

GlobalData cyber security market forecast & industry insight

GlobalData cybersecurity market forecast & industry insight

Free Whitepaper
img

Never Trust, Always Verify: Is Zero Trust the Next Big Thing in Cybersecurity?

Cyberattacks continue to rise every year and no sector seems to be immune. Hackers target sensitive information such as organizational, client, and financial data, as well as intellectual property (IP) and proprietary functions. As digital transformation becomes a top priority for many organizations, traditional perimeter-based security models are no longer sufficient to address the growing cybersecurity concerns. Against the backdrop, enterprises explore zero trust as it takes a micro-level approach to authenticate and approve access at every point within a network. Reasons to read: The cybersecurity landscape is swiftly changing, and businesses need more awareness to meet the evolving change. The report highlights the current state of play and the future potential of the zero trust approach in cybersecurity to protect critical digital infrastructure of enterprises across sectors such as financial services, healthcare, telecom, and transportation, among others. Read our report and gather insights on the following topics:
  • Traditional vs zero trust protection
  • Key advantages and solution providers
  • Major industries and key players
  • Drivers and challenges
  • Top funded startups and Mergers & Acquisitions
  • Implementation challenges
by GlobalData
Enter your details here to receive your free Whitepaper.

NEWSLETTER Sign up Tick the boxes of the newsletters you would like to receive. A weekly roundup of the latest news and analysis, sent every Wednesday.
I consent to GlobalData UK Limited collecting my details provided via this form in accordance with the Privacy Policy
SUBSCRIBED

THANK YOU

Thank you for subscribing to Electronic Payments International