Stripe Rolls Out SCA-Compliant Authentication For Smoother Checkout

June 9, 2022
Stripe has released a new strong customer authentication (SCA) compliant feature that enables customers to authenticate purchases within the checkout flow.

Stripe has released a new strong customer authentication (SCA) compliant feature that enables customers to authenticate purchases within the checkout flow.

The new authentication feature enables transactions to comply with the EU and UK’s SCA requirements without purchasers being redirected to a banking app or having to enter a one-time passcode.

London-based Wise will be the first card issuer to use Stripe’s delegated authentication, which means that cardholders will no longer be redirected to their Wise app when authenticating purchases from Stripe businesses.

Instead, they will be able to use any biometric authentication method supported by their device without the need to leave the checkout flow. Users of the iPhone, for example, might be given the option to authenticate with Face ID.

Stripe claims its new delegated authentication feature makes the checkout process easier and faster.

It embeds biometric authentication into the merchant’s checkout while passing responsibility for authenticating transactions from card issuers to Stripe.

The company has said businesses that use this authentication method for Wise cardholders, such as TikTok, Nando’s and Deliveroo, have already seen a 7 percent increase in payment conversion.

In addition, the authentication process is four times faster compared with purchasers being redirected to their banking app or being sent a one-time passcode.

“Our delegated authentication feature is a powerful lever to increase the payment conversion of merchants on Stripe, which means more money into their topline without asking them to lift a finger. Across all SCA-covered transactions, this could save billions for businesses every year,” said Matt Henderson, EMEA business lead at Stripe.

Banks may have a say too

Since March, UK firms are required to fully comply with SCA rules and ensure they identify payors via at least two independent factors in online payments to reduce payment fraud.

If fraud occurs, however, the issuing bank is liable and the business is not exposed.

This could prompt banks to insist on transactions being processed through their apps.

In April, the European Banking Authority (EBA) clarified that when banks opt to redirect the authentication flow, which they typically do for the sake of security, payment processors should abide.

“Therefore, in accordance with Article 30(3) of the Delegated Regulation, PISPs (payment initiation service providers) and AISPs (account initiation service providers) should follow the technical specifications set out by the ASPSP (i.e. bank) when accessing the ASPSP’s interface,” the EBA said.

“Where the ASPSP has opted for a redirection or a decoupled approach and does not allow in its documentation the possibility for the PISP/AISP to transmit the PSU’s (i.e. customer) credentials to the ASPSP, the PISP/AISP should redirect the PSU to the ASPSP’s domain to authenticate and should not introduce an approach for sending the PSU’s personalised security credentials to the ASPSP that is different to the approach envisaged by the ASPSP in the technical specifications of the interface.”

Despite this, many banks may see advantage in passing authentication of transactions over to companies such as Stripe as in the long run, if it can be proven to increase payment conversion while maintaining security, it could mean increased revenues for the bank.

Based on early indicators, SCA does seem to be successful in cutting fraud in the UK. For example, Nationwide, the UK’s largest building society, published data last month showing that it was now seeing 2,000 fewer cases of fraud per month as a result of SCA.

However, the requirement also appears to reduce legitimate economic activity.

In the first month of SCA, the industry raised concerns that many online businesses are still not fully compliant with SCA. As a result, merchants generated losses as high as £130m through card abandonment and transaction failures, Barclays Payments estimated.

Meanwhile, Stripe cites Visa data that claims there was an 11 percent drop in conversion rates in SCA-compliant transactions due to purchasers needing to switch between different apps at checkout.

This is a significant figure that could make Stripe’s new authentication solution attractive to both banks and merchants.

Our premium content is available to users of our services.

To view articles, please Log-in to your account, or sign up today for full access:

Opt in to hear about webinars, events, industry and product news

To find out more about Vixio, contact us today
No items found.