How people shop online is changing

Retailers have been preparing for the introduction of new Strong Customer Authentication (SCA) requirements to ensure online shopping is safer than ever.

SCA requirements is a set of rules that will change how shoppers confirm their identity when making online purchases, and customers should expect changes in the way they shop online from today (14 March), in a move to combat online fraud.

While SCA rules have applied to a small number of transactions for some time, the proportion of transactions for which SCA requirements apply has been steadily increasing since the start of this year as merchants and Payment Service Providers (PSPs) readied to meet the enforcement date, when all transactions must be SCA-compliant.

Today’s deadline comes almost three years after the SCA requirements were announced in September 2019. As increasing amounts of purchases are being made digitally, it is hoped SCA will help reduce fraud and better protect customers and their money when shopping online.

Customers will now be asked to prove their identity when making a purchase, by confirming two of the following ‘factors’:

  • Something they are – like a fingerprint or facial ID;
  • Something they know – like a passcode or password;
  • Something they have – like a mobile phone.

In practice, this could mean customers are asked to verify a purchase via text message, receiving a passcode which they are then prompted to enter on screen. Other confirmations could include answering an automated phone call to their landline or mobile, or through an app on their smartphone.

Some types of transactions are exempt from SCA; these may be purchases deemed ‘low-risk’ of fraudulent activity, such as low-cost items or repeated purchases such as subscriptions.

Retailers are ready for the change, having been preparing their systems for many months to process these extra security checks. Successful roll-out of the new regulations will also require banks to be prepared for the changes.

Tom Ironside, Director of Business and Regulation at the British Retail Consortium, said: “Retailers have been working hard to prepare for the Strong Customer Authentication requirements, ensuring online purchases are both as safe and easy as possible. The BRC and our members have worked with suppliers to ensure multiple fraud checks are performed behind the scenes and any additional friction is kept to a minimum. Customers should be reassured that buying online has never been safer.”