Close this search box.

Why online retailers must get a grip on Strong Customer Authentication

Judy Nguyen

Judy Nguyen

Promoted Content

Last year was an extraordinary year for e-commerce, with UK online sales an astonishing 50% higher in August compared with February, according to ONS statistics*. However, the boom for online commerce was not without its challenges as merchants sought to manage greater supply chain pressures and the need to upscale deliveries.

In addition to this increasingly demanding environment, there are more significant changes on the horizon this year, namely the ongoing rollout of Strong Customer Authentication (SCA) – a new, central element of Europe’s revised Payment Services Directive (PSD2) legislation. In practical terms, SCA brings additional security authentications for certain e-commerce transactions, a process designed to add an extra layer of fraud protection when cardholders make an online payment.

SCA officially came into law across the EEA and UK in September 2019, but it’s only from 1st January 2021 that many national regulators across the region are actively enforcing the regulation.

However, despite the legislation having already come into force for many, some online retailers are yet to begin taking the necessary steps to integrate SCA. If they don’t act soon, they risk payment providers declining transactions, which could ultimately lead to a loss of revenue and cause unnecessary friction, potentially driving customers away. And, while in the UK, the Financial Conduct Authority has confirmed a revised enforcement date of 14 September 2021, other countries’ regulators are requiring the industry to ramp up SCA now.  It therefore is imperative for merchants to take immediate action to be ready for the implementation of the SCA requirements.

The challenge for online retailers is to strike the right balance between authentication and seamlessness. This is not simple given the growth of new e-commerce customers has also led to a corresponding rise in payments fraud –  over £16 million lost to online shopping fraud during the first lockdown in the UK, according to Action Fraud.** As such, implementing the technology to allow for SCA has never been more important.

However, there are clear steps online retailers can take to implement an SCA solution to enable them to continue to offer a secure and seamless checkout experience for their customers.

Creating a seamless experience using industry standards  

EMV® 3-D Secure (3DS) has been created as the global industry standard, enabling merchants to undertake SCA integration for all major networks saving time and resources – both of which are a priority for many merchants in the current climate.

With online transactions representing an increasingly large part of many businesses’ operations, it’s vital that merchants take advantage of this new, standardised technology to help minimise the disruption to the checkout process without compromising customer security.

Data is king

When it comes to streamlining the transaction process, merchants can start by incorporating and maximising data insights. As part of this, merchants should look to adopt technology that doesn’t require any additional input from the consumer. 3DS does just that – by providing data insights on the purchasing journey, issuers are able to model risk and, where PSD2 exempt, minimise levels of challenge rates – ensuring a smooth purchasing journey and, in turn, reducing basket abandonment.

Tried and trusted

Whilst maintaining fraud protection for consumers and merchants alike, cardholders can select merchants as ‘trusted’ and be exempted from the requirements of SCA, to further support a seamless customer experience.

As online retailers grapple with ongoing uncertainty, every single purchase counts. That’s why at American Express we recently launched SafeKey 2.2, a security solution that leverages the global 3DS industry standard.

With just a few months until the UK regulations come into play, online retailers should waste no time in implementing technology to ensure they are SCA-compliant, without compromising consumer experience.

To find out more about how SafeKey will help protect your business and support a smooth online checkout experience, visit our website We have recently simplified the merchant set up process; merchants no longer have to enroll directly with American Express and can start using SafeKey as soon as they have completed technical set up with a certified 3DS Server (MPI) Provider.  For a list of certified 3DS Servers please visit

By Judy Nguyen, Vice President of Network Product Development & Management, American Express

American Express Payment Services Limited is authorised and regulated by the Financial Conduct Authority.

* Office of National Statistics data on retail sales: Link

** Action Fraud statistics data Link

Read More