Retailers are being warned that a lack of preparedness for new EU regulations to prevent online fraud could be costly.
The Strong Customer Authentication (SCA) rules will come into force in September as part of the Second Payment Services Directive (PSD2). They will affect online purchases of €30 or more, and will require retailers, banks and payments providers to authenticate customers through something they “have”, “are”, and “know”.
While banks are largely ready for the changes, retailers have been warned that they face trouble ahead, as a recent survey by analysts at 451 Research and Stripe found that less than half of businesses polled expected to be ready by the autumn deadline.
Uncertainty over the UK’s future in the European Union is also adding to pressure on retailers facing major legislative changes while simultaneously being told to expect Brexit on October 31.
Among those urging retailers to address the issue is digital solutions firm Mitek, whose EMEA MD Rene Hendrikse said: “Sooner rather than later, retailers must recognise the need to invest in anti-fraud technologies. With the new anti-fraud rules, every customer will have to be authenticated by at least two of the following criteria: something they have, something they are, and something only they know.
“Come September, this will be necessary for every online transaction. This could include an ID document, a biometric identifier, and a security question, going beyond simply your card details as is the current standard. This introduces an additional layer of security to defend against the threat of fraud from online transactions – but it also presents a challenge for organisations to implement with only months to go.
“Within the next few months, investing in the right technologies and implementing them quickly and efficiently should be top of the agenda for retailers and e-commerce groups. If not, they will find themselves in serious trouble.”