2021 SCA Predictions
First published: 05/01/2021
updated: 21/10/2022
Fabien Ignaccolo
As we walk into the eye of the PSD2 storm, let’s take a moment to predict what 2021 may look like as the new SCA regulations begin to take effect across Europe.
SCA User Experiences
As SCA finally begins to roll out across the EU and EEA, consumers will get used to a new way of authenticating their identity. Although France and the UK have received deadline extensions, all countries are still faced with the need to integrate banking apps that can optimise biometrics - Preferably with as little user friction as possible.
A critical piece to this puzzle is educating users to understand and embrace the benefits of using newer, highly secure online-transactions methods. If the industry can find an effective way to do so, the dreaded checkout abandonment may be avoided, helping Europe’s e-commerce market reach new heights.
The Death of OTP by SMS?
For years, OTP by SMS has been used as the secure way to authenticate an online purchase, but as SCA becomes a requirement for e-commerce changes have to be made. OTP by SMS is not considered a strong authentication by PSD2 standards, and European issuers have to implement SCA compliant solutions for all their customers. Luckily, authentication through an app has proven to be a safe and cost-efficient method for identity verification, and if it’s done right, it is also SCA compliant.
As a result of this change, we expect to see a strong decline in the use of OTP by SMS. While OTP by SMS will still exist for some uses, e.g. as a last resort for users who do not use smartphones and in some onboarding scenarios, we believe that app authentication will be the future. It makes sense. Not just from a security perspective but also from a financial perspective. The per-authentication-cost is significantly lower for app-based authentication compared to the cost of OTP by SMS.
The regulation will force the change in Europe, but app-based authentication’s positives will spur the change in other parts of the world. We can already see that in Asia, where companies are allocating more resources than ever before to app-based authentication solutions.
The Rise of Digital Identity (eID)
As Covid-19 progressed throughout 2020, Europe continued to see a sharp increase in its digital transactions; however, the lack of proper digital services became more apparent than ever. With no end in sight for these changed circumstances, entire industries were forced to set new digital goals previously thought to be years away.
In that way, a positive outcome of the pandemic is how it fast-tracked the need for better digital services. Suddenly, the future need for eID had become today’s reality. So, as Covid-19 rolls into 2021, you can expect governments and private sectors to take continuous action to meet current eID demands (something we talk even more about in Q3 of 2021 with this blogpost on eWallets).
Looking Ahead to PSD3
With the PSD2 security requirements implemented in many countries, the industry will soon have real-life user feedback to assess SCA’s successes and failures. This data will come in handy in 2021 when we expect to see the first real initiatives towards making PSD3. If you’re thinking it’s still too early to focus on PSD3 - think again. A revised directive was actually a topic of a joint Emerging Payment Association paper published in March 2020.
In countries where SCA has been successful, innovations and delegated authentication measures have become commonplace. The Nordics are perhaps the best example of SCA done right. Here, we can find it used in nearly every facet of life, including communication with government sectors, signing up for higher education, and buying real estate. However, it’s worth noting that such success would not have been achievable without the government’s support or if the consumers refused to trust the SCA providers.
When we compare the Nordics to other countries like the UK or France, it is clear that there is still a long way to go when it comes to unifying the security of Europe’s payment industry. But since SCA also has the opportunity to grow outside of the banking industry, we believe the European Commission will be quick to act. By enabling SCA for the non-banking industry, helping simplify things like new service sign-ups, we expect fierce market competition driving the development of SCA-related technology.
The Internet of Things (IoT) Impact on Payment Security
There are still numerous parts of the world that are not connected to the internet. And by this, we don’t just mean a lack of WiFi or mobile data network. We are talking about the concept of the Internet of Things, which aims to extend the power of the internet by connecting it to, well, everything. Whether objects, environments, animals or processes, by enabling our world to send and receive information on an astronomical scale, IoT has the ability to reinvent the way humans live.
PSD2, although prioritised as a user-security issue, is a perfect extension of IoT philosophy. The faster users can safely integrate their eID with global technology, the faster people will revolutionise the e-commerce and banking industries. This, however, will not come without its fair share of challenges. For example, as the 5G mobile network grows, the payment industry needs to think about how IoT will impact online payment security. After all, 5G (or any future cellular broadband service) is the pathway that makes new applications in IoT possible.
Clearly, PDS3 will not be the end of the line when it comes to SCA. With technologies continuously converging, we must be ready for IoT and machine learning to extend into service areas that currently do not exist. As such, the industry’s greatest hurdle will most likely be crafting a secure system that can send and receive payments within a constantly expanding network of embedded systems and devices.
The Rise of Open Banking
The UK has been the European front runner when it comes to embracing open banking. With nearly 2.5 million people in the UK using open baking-enabled products in 2020 the foothold is there, but we expect to see open banking set a new industry benchmark across Europe in 2021. Open banking will most likely play a big part in revolutionizing the consumer payment experience.
Can we expect 2021 to be the year that the rest of the world catches up too? If looking at the growth of open banking globally, it would be hard to argue otherwise. South America and South-East Asia are two notable regions where open banking has already sparked major interest, influencing other powerful financial markets to step up their game. Perhaps even the United States?
Ultimately, we can see that innovations in the payment-service industry are just around the corner. And as open banking is forced ahead through government-led initiatives, it will only further solidify the crucial need for strong authentication methods.
— — —
Do you have any additional predictions for SCA in 2021? Join the conversation on LinkedIn>>