Highlight From Ekata's SCA Whitepaper

As PSD 2 rollout date approaches it is interesting to see how different players in the e-payment ecosystem approcach this challenge. We, at PaymentsOp, constantyl looking for new reserch result and surveys to keep up to date with the latest developments in the industry. One of the interesting whitepapers that came our way lately was Ekata's survey on PSD and SCA readiness among payment service providers. At the beginning of 2020, Ekata carried out a detailed survey of 36 European PSPs (Payment Service Providers) and investigated business willingness to follow PSD2 SCA regulations.


What caugh our eye in Ekata's survey?

Below listed a few highlits from the whitepapet that may be of interest to our readers.


1. Vendor Readiness

In the survey done by Ekata, the results indicated an encouraging number of processors who are ready for the world of PSD2 SCA. It showed that out of the 36 PSPs interviewed 32(89%) are already following 3DS. Some even have 3DS2.2 and others are trying to set up their 3DS services. Only 6% of PSPs said that there will be no availability of 3DS.


2. SCA: A Strategic Opportunity for Vendors

When the survey studied the challenges of PSD2 for PSPs, then 80% of the respondents regarded SCA as a strategic opportunity for their business. While surveying the PSPs and acquirers, four segments were highlighted and these include: the leader, the challengers, the laggars, and the question marks. There is a significant gap between the leaders and challenger and the rest of the vendors.


The Leaders are bigger vendors that are treating PSD2 SCA as an opportunity to differentiate themselves from their competitors. These had already a clear strategy to implement SCA but the deadline extended. The leaders offer full responsibility for the fraud from the merchants. Moreover, many of the leading PSPs are planning to help the merchants by reducing the cost and increasing payment acceptance by establishing an active and reliable routing platform.


The Challengers include small companies that are taking SCA regulations as a challenge that they are determined to turn into a unique opportunity for the betterment of their market share. They are already acknowledging the fact that SCA is the future. Therefore, they are investing today because they know it will benefit them in the longer term.


The Laggards are vendors that are trying their best to follow the regulatory guidelines of SCA, but they are lacking yet in providing much to their merchants.

The Question Marks are a group that contains 42% (!) of vendors, these providers are charachterized by their unclear position in regards to SCA.


3. SCA: Terra Incognita for Many Merchants

It’s noteworthy that the level of awareness in vendors is high, but when it comes to merchants the level shows variation. The vendors that invested in communication with their merchants managed to raise awarenes of the SCA among approximately 80% of the merchants. However, the surveys also revealed that despite the high awareness, the understanding of the SCA's challenges and exemptions among the merchants is much lower.


4. SCA Excemptions- A Realistic Outlook

The following exemptions may apply to merchants and exempt their transaction from SCA:

  • Low-risk transactions

  • Low-value transactions (LVP)

  • Whitelisted transactions

  • Corporate transactions

  • Lodged and virtual card number payments

  • Transaction Risk Analysis (TRA)

As per the findings of the survey, about 75% of the merchants may qualify for at least one exemption type.


The majority of the payment service providers that were interviewed were willing to apply the highest exemption level to their merchants,however, they believed that only time will reveal if that this is realistic or not. Other providers considered it unrealistic to implement a 0.01% fraud rate to the whole portfolio, including the high-risk businesses, without affecting conversion.

The vendors, about 82%, which have a fraud ratio greater than the fraud threshold set by SCA are likely to favor the widespread enforcement of SCA to lower the fraud risk and increase the number of TRA exemptions that they can offer to their merchants as per their interest.


5. COVID-19 And PSD2

COVID-19 has imposed major impacts on the perspective of people regarding digital and contactless payment methods. According to a recent Forrester study about the European payment sector, about 1 out of 5 adults in the European Union were introduced to digital payment methods, including contactless, mobile, and digital wallets, for the first time during COVID-19 first wave.

The pandemic is an indication of a future where digital and contactless transactions will predominate. The major feature that gave digital transactions a rapid push during the pandemic is the speed and ease of use associated with them. But everything comes with benefits as well as some drawbacks. In the case of digital payments, the chances of fraud are significantly higher. So, in a world of digital and contactless transactions, anti-fraud security innovation will be pivotal to businesses.

The laws and regulations designed under PSD2, such as SCA, serve as major anti-fraud security innovations for protected digital transactions. This serves as a major strategic tool for any organization. PSPs are recognizing the importance of SCA by optimizing TRA and Risk-Based Authentication models. The number of companies that consider SCA as a strategic tool to businesses has increased from 81% to 95% which is a significant number that indicates the increased importance of SCA during the pandemic.


6. Ekata's Strategies Of Success

In the conclusion of the survey, Ekata provided advice on the best strategies required to unlock the potential of PSD2 SCA. These include:



1. Communication And Collaboration

The major distinction between a leader and a laggard is strategy. About 80% of all the PSPs that were surveyed considered SCA as a strategic part of their business and the leaders made their customers a priority all the way. Leaders kept a consistent and clear communication level with the customers which were listed as a success strategy by Ekata.


2. Awareness Of Merchants

Amid the changing circumstances, there is huge pressure on merchants due to multiple challenges that arose due to widespread lockdowns in the pandemic. PSPs and Acquirers are fully aware of these challenges and the pressure that merchants are facing under this climate. And, here are some ways they are working for the awareness of merchants to ease their burden:

  • Education of merchants to ensure SCA enforcement with minimum actions needed.

  • Making effects to get all the merchants onto 3DS, version 2 preferably.

  • Ensuring that the merchants fully understand the out-of-scope transactions.

  • Ensuring merchants respond to the customer issues to resubmit transactions without SCA via 3DS.

  • Pay attemtion to small and medium businesses.

The survey revealed that the top 20 merchants in Europe constitute less than 20% of the e-commerce market and the major contributors to the e-commerce market are the small and medium merchants. So, it is where the acquirers and PSPs can focus their attention and especially on those merchants who will expand as the industry grows.


3. Data Importance

When it comes to good TRA models with low-risk exemptions, another strategy that most leading PSPs are following to keep themselves ahead of the competitors is the building of their internal fraud management capabilities and acknowledging the importance of good data. SCA makes it easier for PSPs to get rich data across the merchants, and about 80% of these PSPs aspire to take advantage by developing tools themselves or by collaborating with a third-party.

This may lead to better TRA models that PSPs can implement which consequently leads to better exemption rates that their merchants may get.


4. Understanding Issuer Behavior

The implementation of the 3DS2 is a way for merchants to share more data with issuers. This enables the issuers to make more informed authentication decisions. An issuer faces more friction concern than acquirers so it is important.

Another major concern of the issuer is data protection. To eliminate this concern, major banks are creating application programming interfaces (APIs) to deliver data in an easily readable and comparable form. This is a plus point for the banks, but it gives criminals an easy opportunity to execute rapidly increasing social engineering attacks.

The leaders and some of the challengers understand that understanding the issuer's behavior and their overall risk threshold is a strategy to stand out in comparison to competitors.


To download the whitepaper please follow the link.