Why Australian retailers should be concerned about the EU’s Strong Customer Authentication

By Jarrod Chong

Australia’s eCommerce market is one of the fastest growing in the world, with a compound annual growth rate of about six percent. By 2023, it’s expected to be worth over AUD $37 billion. At the same time, Card Not Present (CNP) fraud, which represents about 85 percent of all fraud on Australian credit cards, eats into this figure, costing Australian retailers nearly half a billion dollars every year, according to payments platform Adyen.

In a bid to reduce the spiralling CNP payment fraud problem, businesses across the European Union have been preparing to introduce Strong Customer Authentication (SCA), which is set to be the biggest change to how people pay for things online. It’s part of the Payment Services Directive (PSD2), which mandates that banks and other organisations selling to European Union countries must implement two-factor authentication on all eCommerce transactions above 30 Euros.

The new SCA payments regulations came into force last month and are set to be as impactful as GDPR, but the odd thing is that few people in Australia are talking about them or seem to be the slightest bit concerned. However, there are moves to replicate the regulations here, and the local organisation that is championing the payments industry, the Australian Payments Network (AusPayNet), is pushing for similar security measures, including CVV checks, Address Verification System (AVS) and 3D Secure.

The impact on Australian retailers

With top Australian fashion labels getting much of their web traffic and sales from overseas these days, ignoring these new payments rules will limit the revenue that comes from their European-based customers. And with the Australian retail environment continuing to struggle under economic pressures, retailers should be doing everything in their power to maximise sales.

What it really means is that if a retail business in Australia conducts a fair number of sales with European customers, but does not comply with SCA regulations, then payment transactions will be affected. SCA is not legally required for businesses outside of Europe, but it is expected that several European banks’ credit cards will require SCA for all payments, regardless of where a business is located.

Simple authentication as a competitive market

With the introduction of SCA, retailers that want to maximise foreign transactions and remain competitive will have to build a second layer of authentication into their checkout flows. Customers will no longer be able to just use a credit card number to complete a purchase. They will need to use another authentication method to prove that they really are who they say they are, such as a fingerprint, password, PIN, one-time passcode, or hardware security key.

The trouble is, how do you accomplish such a task without compromising on usability and customer experience? According to a recent Ponemon survey, 62 percent of respondents say they could not complete a purchase or other online transaction because they could not remember their passwords. Almost half (47 percent) of respondents say a transaction could not be completed because they did not have mobile phone access to receive a code for verification or were not able to use an authenticator app.

Better Security, Ease of Use & Accessibility

The answer to the eCommerce security conundrum lies in WebAuthn - the first globally accepted set of open authentication standards built to provide strong, phishing-resistant protection while simplifying the authentication process for accessing online accounts. These standards are available for any retailer to implement and offer some key benefits that will set them apart.

One of the advantages of WebAuthn is that there is already widespread adoption of the technology across all major browsers, operating systems and devices. To date, Microsoft Edge, Mozilla Firefox, Google Chrome, Google Android and Apple Safari Technology Preview 83 have already added support for it. Additionally, the availability of built-in authenticators (like biometric readers) on computers and phones is growing, which is providing users with new, seamless options for authentication.

This means that retailers can now offer fast, convenient, and secure authentication options that all users will have access to regardless of what kind of device or operating system they are using.

Furthermore, retailers have the choice to implement single-factor, two-factor, or multi-factor authentication login flows with WebAuthn, including the option for a passwordless experience. This alone can improve customer experiences, drive brand loyalty, and reduce the costs associated with password management. The sheer number of passwords each individual needs for their daily digital activities inevitably results in forgotten passwords, password resets, or, at worst, account takeovers due to weak or reused passwords. WebAuthn replaces weak static password credentials with strong public key cryptography, combined with origin checking to prevent phishing.
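The origin check and public key signature described above look like this from the retailer's server side. This is an added example, not code from the article or from any WebAuthn library; the origins, `RP_ID`, and the `simulateAssertion` stand-in for the browser and authenticator are constructed assumptions, and registration, signature counters and key parsing are left out.

```javascript
const crypto = require('node:crypto');

const RP_ID = 'shop.example';             // assumed retailer domain (constructed)
const RP_ORIGIN = 'https://shop.example'; // assumed checkout origin (constructed)
const sha256 = (data) => crypto.createHash('sha256').update(data).digest();

// Relying-party checks on an assertion; returns 'ok' or the first failed check.
function verifyAssertion({ clientDataJSON, authenticatorData, signature }, expectedChallenge, publicKey) {
  const clientData = JSON.parse(clientDataJSON.toString('utf8'));
  if (clientData.type !== 'webauthn.get') return 'wrong type';
  const challenge = Buffer.from(String(clientData.challenge), 'base64url');
  if (challenge.length !== expectedChallenge.length ||
      !crypto.timingSafeEqual(challenge, expectedChallenge)) return 'challenge mismatch';
  // The browser, not the page, writes the origin, so a look-alike site cannot fake it.
  if (clientData.origin !== RP_ORIGIN) return 'origin mismatch';
  if (!authenticatorData.subarray(0, 32).equals(sha256(RP_ID))) return 'rpId mismatch';
  if ((authenticatorData[32] & 0x01) === 0) return 'user not present';
  // The signature covers authenticatorData || SHA-256(clientDataJSON), binding the origin.
  const signed = Buffer.concat([authenticatorData, sha256(clientDataJSON)]);
  return crypto.verify('sha256', signed, publicKey, signature) ? 'ok' : 'bad signature';
}

// Constructed stand-in for browser plus authenticator (no real device involved).
function simulateAssertion(privateKey, challenge, pageOrigin) {
  const clientDataJSON = Buffer.from(JSON.stringify({
    type: 'webauthn.get', challenge: challenge.toString('base64url'), origin: pageOrigin,
  }));
  // rpIdHash (32 bytes) | flags (0x01 = user present) | signature counter (4 bytes)
  const authenticatorData = Buffer.concat([sha256(RP_ID), Buffer.from([0x01]), Buffer.alloc(4)]);
  const signed = Buffer.concat([authenticatorData, sha256(clientDataJSON)]);
  return { clientDataJSON, authenticatorData, signature: crypto.sign('sha256', signed, privateKey) };
}

function demo() {
  const { publicKey, privateKey } = crypto.generateKeyPairSync('ec', { namedCurve: 'P-256' });
  const challenge = crypto.randomBytes(32);
  const genuine = simulateAssertion(privateKey, challenge, RP_ORIGIN);
  const relayed = simulateAssertion(privateKey, challenge, 'https://shop-example.test');
  // Swapping in the genuine clientDataJSON does not help: the signature no longer matches.
  const spliced = { ...relayed, clientDataJSON: genuine.clientDataJSON };
  return {
    genuine: verifyAssertion(genuine, challenge, publicKey),
    relayed: verifyAssertion(relayed, challenge, publicKey),
    spliced: verifyAssertion(spliced, challenge, publicKey),
    stale: verifyAssertion(genuine, crypto.randomBytes(32), publicKey),
  };
}

console.log(demo());
```

A password typed into a look-alike page can be reused anywhere; here the same credential used on the wrong origin, with a spliced client record, or against an old challenge is rejected by the server.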

Key points to consider

Given that Europe is the first area of expansion for many Australian businesses when going global, SCA compliance must be a key consideration when assessing the complexities of establishing a successful brand. Strong authentication can help Australian retailers differentiate themselves, and with WebAuthn, organisations can now support users on all devices and enhance their security by getting rid of passwords altogether.

