The New EU Secure Customer Authentication and Copyright Laws to Look Out For
After the commotion resulting from the General Data Protection Regulation (GDPR) in 2019, there’s another set of changes in EU regulations and directives that are going to bring another set of updates.
We’re talking about strong customer authentication (SCA) and a new set of copyright regulations.
We’ve prepared this article for you to get familiar with these laws since you can see yourself impacted by them and adjust your operations to ensure compliance.
EU Regulations and Directives FAQs
Secure online payment rules: SCA or strong customer authentication
What is SCA?
SCA (Strong Customer Authentication) is a new EU regulation that aims to reduce fraudulent credit and debit card payments in e-commerce transactions.
It will take effect on September 14th, 2019, and following that date; banks will reject all payments that don't fulfill the requirements stipulated in the law.
What does it entail?
SCA demands an extra level of authentication when making online purchases. It seeks to create secure online payment methods to prevent fraud. If it were once enough to have the credit or debit card number and the billing address, you'd now need to include at least two out of three of the following factors:
- Something you know: a password, or PIN
- Something you own: a smartphone or a token
- Something you are: a digital fingerprint or other biometric features.
What is this for?
As online purchases multiply, the number of fraudulent purchases or stolen European debit and credit cards similarly increases. The European Central Bank (ECB) estimates that the total number of crimes reaches a value of 1.3 billion euros. The hope is that the number of e-commerce purchases reaches one trillion dollars in 2022. That’s why this new regulation attempts to protect consumers and reduce this type of fraud.
When does SCA get applied?
SCA will only be needed in online purchases that the customer starts, meaning that the customer actively purchases a payment gateway.
In the case of frequent purchases such as subscriptions, etc., it’s viewed as initiated on the part of the business and won’t be subject to authentication.
There are a few other exceptions:
- Low-risk transactions in the case the payment provider and the bank don’t exceed a set number of fraudulent transactions.
- Transactions for less than €30.
- Subscriptions for the same amount at the same business.
- Secure companies that users have previously approved.
How do I get ready for SCA?
Only 25% of European e-commerce sites are aware of the changes to come in September, so it’s worth they get started with putting these changes into practice.
It’s not a straightforward process, so here are some steps to follow:
1. Evaluate your platform’s payment experience
Carry out an extensive analysis of the process your user carries out in your payment gateway to pinpoint where you can make the most subtle changes possible. Remember it’s critical to make it easy for the customer and to ensure they don’t leave the shopping cart before having finalized the payment.
Keep in mind you can choose between different authentication methods for users within SCA’s requirements. Therefore, decide what's best for your business and your customer base.
2. Be sure when SCA is applicable and when it’s not
We told you before that SCA is not always applicable at all times, but the banks in local markets are the ones who have the final word. Every bank can interpret the law differently. Find out how you should act.
If your business operates in different countries, it may be of interest to count on a partner that helps you correctly comply with the legislation across all markets.
3. Try 3D Secure 2
Today, when we make a purchase online, we typically enter our credit or debit card number, and then the bank asks us for a code it sends to our phone number via SMS. This system is known as 3D Secure.
This system has evolved into 3D Secure 2 in light of the new regulation. This new method will serve as a means of authenticating credit and debit card payments and complying with the SCA requirements. The latest version will offer an improved user experience and reduce the friction that can arise when trying to complete an online transaction.
When will it go into effect?
EU member states will have two years to apply the directive into their domestic legislation. Currently, there is no news in Spain concerning the directive.
What are the repercussions?
1. You have to pay special attention to copyright
If we as brands do not want Facebook or YouTube to block our content, we’ll have to carry out a critical analysis of our content creation strategy. It will be vital to check we’re not violating any copyright with music, image adaptations, and so on. If we don’t, our content may never reach our intended audience.
2. You’ll need the author’s explicit permission when sharing any piece of content
We’ll also need to go back to being extremely scrupulous when sharing third-party content that may have something to do with our brand. If we want to publish a photo a user took of our hotel on Instagram, we'll need to have asked for permission before posting user-generated content to prove the user ceded their rights for us to use it.
3. Be especially careful with memes or GIFs
If we tend to share content with memes or GIFs, it’s possible the algorithms will end up blocking them. While it’s a piece of content adapted for artistic or comical ends, some legal experts doubt if they'll end up being outlawed or not as a result of the new directive.
In any case, we should remember that this new directive has not been applied to Spanish legislation, so we have to wait and see to what extent the directive will impact us and what precautions we'll need to take.
In the case of SCA, that change is coming fast, and we want to remind you that you should start getting ready by implementing the new requirements when closing sales on your e-commerce site. You'll be able to optimize the process by having a team of experts and will make it easier for your customers to adapt, as this will be the key for this measure not to harm your online sales.