Agile App Co.

Strong Customer Authentication

If you haven't heard, a new regulation known as Strong Customer Authentication is being rolled out this year in September 2019 and will be required by 14th September to continue receiving payments from customers with transactions that are not exempt from this new regulation. 

We have been talking to payment providers to help make the process more seamless for the businesses currently using payment methods that will require some development work to accommodate these changes. 

What is Strong Customer Authentication

Essentially it is an additional layer of authentication during a payment transaction to reduce the amount of fraud currently around. The additional layer has 3 flavours and can be more easily described as one of the following in addition to what a payment currently captures from the customer.

  • Knowledge: something only the user knows, such as a password.
  • Possession: something only the user possesses, such as a token or mobile phone.
  • Inherence: something the user is, such as a biometric element (e.g. fingerprint recognition).

Implementing Strong Customer Authentication in Mobile Apps

Our first concern with SCA was that the user journey will be siginificantly inhibited by an additional barrier placed in front of their buying process. The last thing we want to do is add additional steps and potentially frustration to the existing user journey. Such actions could not just decrease sales but could kill a business alltogether. 

As is the Agile App Co way turning a problem in to an opportunity is what we do. The current articles you might read as of today 25th March 2019, there isn't a whole lot of advice about the implication of the user journey and the dangers that could be added to businesses by reducing the quality of the user experience. However you need to think outside of the box. 

ApplePay and Android Pay are a fairly new method of payment available that is becoming more and more accepted across merchants. There is the convenience of not having to enter card details or passwords yet, the third element of the SCA regulation also seems to be covered. So I think we are on to something here. 

We can confirm that after discussions with major payment providers, ApplePay is SCA compliant and as such is a much better approach to taking a payment vs having to enter in card details and then an additional bit of information under the SCA bracket. For the sake of spending perhaps two more development days implementing Apple / Android Pay you are reducing the steps needed for a payment to be made whilst also becoming compliant to new SCA standards.