In an earlier blog post, we outlined how the second EU Payment Services Directive (PSD2) will bring about important changes to e-commerce across Europe over the coming year.
Looking beyond the password
In essence, PSD2 requires that strong customer authentication (SCA) be applied to all online payments within the EU through two-factor authentication. Once rolled out, push notifications on mobile phones, facial recognition and fingerprint scanning are among the ways this extra level of verification will be conducted. PSD2 and SCA aims to make online payments more secure, reduce fraud, improve user experience and continue to foster new innovation.
Proposals how to implement PSD2 were outlined several years ago but some technical requirements weren’t confirmed until earlier this year, prompting complaints from some companies that they haven’t had enough time to prepare.
As a result, some affected enterprises have been lobbying local regulators for an extension because they felt they wouldn’t be able to get ready in time for the initial deadline.
The deadline was originally set to come into force on September 14, 2019 but the Financial Conduct Authority (FCA) confirmed an 18-month delay for the introduction of SCA rules last August in order to give businesses and retailers struggling with the new regulations more time to introduce the new payments security measures.
On October 18, 2019, the Finnish Financial Supervisory Authority followed suit and set Dec 21, 2020, as the new deadline for implementation of SCA in online card payments.
If it sounds like it’s been a messy and complicated process, it has. But the good news is, almost everyone now agrees we need to harmonize how we secure online payments. However, some obstacles still remain and I think usability is going to become the next hot topic over the coming months.
Can UX and SCA be friends?
Consumers don’t accept that security should slow things down. This lack of customer patience is illustrated neatly by checkout abandonment rates. Recent data from the Baymard Institute found that the average cart abandonment rate is just under 70 percent. Mobile users have an even higher abandonment rate of 85.65 percent. This shows the importance of fully optimizing your e-commerce store.
The entire user journey and online experience needs to be seamless, fast, and secure. Users won’t stick around if they encounter problems or if the security checks are too intrusive.
Since the technical changes are ongoing, it is uncertain how PSD2 will affect the user experience online. One of the biggest concerns right now is what PSD2 will do to usability. Will the changes be a cause of annoyance to consumers, for example?
I expect that customers will quickly get used to two-factor authentication. However, at first, it could lead to some drop-offs at checkout.
The reason is simple: customers first have to register something they own—their smartphone, for example—with their payment service provider so they can complete the two factor authentication. Although this is quick and easy, not every customer will feel like doing that before checkout and some will inevitably stop the transaction.
One click shopping
Before the PSD2 implementation, most online stores allowed payments with just one click, given that credit card info can be stored from earlier transaction. After PSD2, credit card information will no longer be sufficient when paying for online purchases; instead, consumers are required to authenticate themselves in other ways using bank codes, single-use SMS passwords or fingerprints, for example.
So due to SCA, one extra step will be added to the process. Building authentication into your checkout flow could add friction and increase customer drop-off.
In addition, there may also be new payment providers to integrate at checkout. This can be a double-edged sword: more payment options allow consumers to choose which option works best for them; on the other hand, it’s possible that too many buttons and payment options cause confusion at checkout.
Despite the challenges, the important thing to remember is that the new rules apply to all customers in all online shops. So two-factor authentication will soon be normal for everyone. The key is in coming up with the best way to handle these new mandatory security steps in user-friendly way.
On one end of the spectrum you have safety and on the other you have usability. As we highlighted in another PSD2 blog post about Black Friday, it’s hard to predict how online shoppers will react to the new situation, as different consumers value different things.
If consumers value safety over ease of use, online stores providing SCA will have the edge. However, if consumers value ease of use, they will likely choose the simpler option without the extra step of authentication.
There are already early adopters who have implemented SCA on their services. Time will tell whether these merchants are gaining an advantage by introducing the security steps early or if they risk alienating existing consumers who will end up going elsewhere.
One thing is for sure: a lot has changed in online shopping – both for consumers and for retailers. To help maintain your competitive edge, I recommend downloading our free business insight report.