Ai Editorial: PSD2 SCA 2020 - how to go about it as a travel merchant?

10th January, 2020

Ai Editorial: The PSD2 Strong Customer Authentication (SCA) migration completion deadline for online payments in Europe continues to be a weighty issue, with concerns about the preparedness and compliance still coming to the fore, writes Ai’s Ritesh Gupta


The SCA requirements were originally planned for the 14th of September last year (with new migration completion deadline being 31st December 2020), but still concerns pertaining to PSD2 making online shopping more difficult and the same negatively impacting cart abandonment rates in the initial years of implementation are being highlighted.

As for the travel sector, a study by Amadeus in September had indicated that only one in three travel merchants were expected to be SCA-ready for the September-2019 deadline. The report featured 50 large travel firms (€1billion+ revenue).  


All the stakeholders acknowledge the complexity of the payments markets across the EU and the hurdles resulting from the amendments that are needed.

As per the findings of a survey in December last year, (commissioned by Riskified, featuring 2,000 consumers and 200 retailers evenly split across the UK, Germany, France, and Spain):

  • A third of shoppers would leave a site/app when asked to verify their identity.
  • 80% of European retailers expect that PSD2 will negatively impact cart abandonment rates. Nearly 50% expect a significant increase (of 20% or more) in shopping cart abandonment rates.
  • Almost 40% of European merchants are pessimistic about PSD2’s ability to curb fraud.

The top three authentication methods being studied by issuers include; One Time Passwords (OTP) (SMS to a mobile device), authentication within a mobile banking app, and 3DS. Among these, OTP and 3DS authentication are expected to adversely impact the user experience. Specialists recommend that merchants should use exemptions where possible. Also, by using fingerprints or facial recognition, one can combat fraud while also increasing convenience for consumers.  

PSD2 SCA 2020 plan   

Even as the European Banking Authority asserted that the definition of SCA had been set out in PSD2 when it was published in 2015, a section of the industry states that the authority has failed with PSD2 at least in the short-term.  Moving on the industry clearly needs to make fraud prevention and compliance efforts a priority. In terms of how the roadmap is going to shape up this year, the extension offers various players (issuers, acquirers, PSPs and merchants) extra time to entirely support EMV 3DS 2.1 and 2.2 by the end of this year. One can expect an incremental EMV 3DS execution with the new deadline.

Merchants need to test, preferably a flexible offering that can set up both 3D Secure 1 and 2 authentication protocols. This way if a specific issuer isn’t ready to support 3DS2, then the offering will by default redirect transactions to 3DS1.

Ingenico ePayments recommends following steps to prepare for the authority’s deadline:

By March 2020: integrate 3DS in your payment flow

  • For merchants who have not implemented 3D yet, recommendation is to go straight to EMV 3DS 2.1 (skipping the implementation of version 1).
  • For merchants who already have 3DS version 1, recommendation is to start implementing EMV 3DS 2.1.

By July 2020: use EMV 3DS 2.1 in your payment flow or be ready to do Step Up with EMV 3DS 2.1

By September 2020: SCA exemptions are available with EMV 3DS 2.2, if exemptions are not supported than all transactions will require 3D.

With this incremental approach, merchants will fully support EMV 3DS 2.2 by the 31st of December 2020.


Keen on exploring fraud prevention and payment-related issues?

Check-out Ai’s conferences scheduled for 2020: