Companies rolling out anti-fraud measures despite delay

Strong Customer Authentication (SCA) generally sends a passcode to a customer's mobile number to ensure a transaction is genuine.

If a transaction is over £28, payment providers will be required to ask for extra verification through the websites of retailers.

While the full enforcement of SCA has been delayed by the Financial Conduct Authority (FCA), websites like John Lewis are beginning to implement it anyway.

What is SCA?

SCA is part of an EU-wide initiative to tackle card fraud which forces companies to use a second layer of authentication when transactions are over £28.

It's designed to operate rather like a debit card does - customers can use contactless up to a set amount but then they need to enter their PIN number as a second method of verification.

Under SCA, customers will generally receive a text message with a passcode that will expire within a few minutes. They need to enter that code to complete the transaction.

Alternative methods of authentication could include a smartphone finger or thumbprint or voice recognition.

SCA was supposed to come into force as per the EU directive on 14 September, but the FCA has said they won't enforce it until March 2021.

Although this has delayed implementation for many, some banks and payment providers are getting ahead of the curve by bringing the change in now.

Customers of John Lewis, for example, have been contacted by the retailer to alert them to the changes they might encounter as SCA is rolled out.

As well as impacting online payments, SCA could see customers in stores being asked to enter PIN numbers when making contactless payments or using their mobile wallet.

Delay due to disruption

The implementation date of 14 September was criticised by retailers and banks as unrealistic, with many providers saying they couldn't be fully prepared in time.

This led to tangible fears of disruption to retail payments which, the British Retail Consortium suggested, would have reduced the number of UK e-commerce payments by up to 30%.

If, for example, a bank didn't have the correct mobile number for a customer or if the signal was sketchy, many transactions could have been abandoned without being picked up later.

Last December, there were a flurry of warnings that retailers were rolling out the changes earlier than required and predictions of chaos in low-signal areas over Christmas.

However, it seems more providers are rolling them out this year, with the FCA saying it expects the measures to be introduced gradually over the next 18 months until they begin enforcing compliance.

Targeting fraud

SCA is one example of the way in which both the UK and EU are attempting to combat various types of fraud.

In the UK, we're expecting the implementation of Confirmation of Payee in March 2020, which will force banks to check the name of the recipient of a transfer alongside its intended recipient.

It was supposed to be implemented earlier this year, but deadlines were labelled as 'unachievable' by banks and the Payment Systems Regulator (PSR) subsequently delayed it.

A more successful scheme is the Banking Protocol which tackles fraud in-branch by training staff to spot fraudulent activity and address it quickly.

The Protocol was first established in October 2016 and had led to 408 arrests and saved potential scam victims £48m by February 2019.