SCA is a new set of rules from the Financial Conduct Authority (FCA) to help protect customers from fraud when they are shopping online, UK Finance explains. With increasing amounts of purchases being made online, these new rules will help to ensure that customers are safe when shopping and their money is better protected.

The changes will mean that when customers buy something online, they will be asked to verify their identity, for example, through their banking app or a one-time passcode via text or phone call.

From 18 January card issuers started declining some non-compliant transactions, with all non-compliant transactions being declined after the 14 March deadline. Now that the deadline has passed, Daniel Holmes, fraud prevention SME at financial RiskOps platform Feedzai, offered the IT Security Guru readers some insights on the implications of SCA coming into effect:

One of the consequences of this change is that SCA will create additional friction and authentication requirements during the consumer check-out process. Despite some attempts to manage consumer expectations in the lead up to this change, it will take time for them to adapt to the new requirements.

While it is too soon to back this up with data, it is likely that SCA will create consumer confusion in the short term, potentially leading to an increase in abandonment as consumers react to the new user experience. Banks need to ensure their consumers embrace the new user journey if they want to keep their card ‘top of wallet’. To do this the banks must be savvy with several things, including:

What does the future for SCA look like? Only time will tell, but this is certainly not the end. SCA was introduced to tackle unauthorised fraud. Since the legislation was shared, the industry has seen a huge swing towards scams and authorised fraud. SCA may well inadvertently accelerate this shift, bringing down unauthorised fraud, but pushing up authorised fraud.

Furthermore, many businesses will have delivered their SCA strategy in a ‘tick box’ fashion, in order to hit the regulatory deadline. It is likely these strategies will mature and improve as consumer feedback is gathered and as banks observe best practices from around the industry.

Banks may begin exploring delegated authentication in an attempt to streamline the user experience. This practice enables banks to effectively outsource their cardholder’s authentication requirements to the merchant. Banks will of course require confidence that the merchant can execute strong authentication controls, and ensure that their cardholder remains secure as well as satisfied with the service they receive.


The post Strong Customer Authentication (SCA): what to expect appeared first on IT Security Guru.


You May Also Like

Armis Launches new ‘Critical Infrastructure Protection Program’

Today, Armis has announced the Critical Infrastructure Protection Program (CIPP) to help…

Ukrainian machines hit with another Malware variant

Security researchers have discovered the fourth destructive malware variant targeting Ukrainian machines…

DDoS attack hits Ukraine Defence and Bank Networks

The attacks knocked out the Ukrainian defence ministry’s website and two bank…