Reducing the Pain & Cost of Hotel Payments Fraud: An SCA Webinar Recap

Our team was excited to be a part of a recent payment briefing hosted by Vendorcom, an organization that connects seekers, solvers, and shapers in the European payments community. We were joined by experts across the industry to discuss experiences and opportunities around the latest regulations in payment security, particularly Strong Customer Authentication (SCA).

SCA is a European regulatory requirement to reduce fraud and make electronic payments more secure. SCA ensures that electronic payments are protected by requiring two out of three security challenges to be completed:

1. A test of knowledge: Identity validation using something the user knows like a password
2. A test of possession: Identity validation using a physical object like a fingerprint scanner
3. A test of inherence: Identity validation using something that is specific to a user like their employee ID

While SCA is simple in theory, the requirement has created conflicts between merchants, payment solution providers, and cardholders across the globe – but greater education and technology can make compliancy easier for all. Keep reading for a recap of the recent briefing.

The Merchant Viewpoint

Mark Rupert Reed, IT Director, Firmdale Hotels

Mark candidly described his experience with SCA as “frustrating.” He and his team manage 80 different solution providers and platforms that use different payment integrations. This disparate tech stack meant extraneous effort for Mark’s team to make sure each solution is SCA compliance. Plus, Mark noted that his customers have been frustrated by the extra security step when making payments, and merchants need better education around SCA to mitigate customer concerns more easily.

Does this sound familiar? Consider these takeaways: the more streamlined your tech stack is, the easier it is to upgrade and stay compliant, whether you choose to do so proactively or due to mandated regulations. It’s also important to make sure your staff stays educated on trends and requirements to proficiently share their benefits and problem solve when customer issues arise. This is all made easier with the right solution provider.

The Solution Provider Viewpoint

Kevin Carson, VP of Global Business Development, FreedomPay

Kevin disclosed that while he understands there is confusion stemming from SCA, he believes that it’s a proper necessity for online payments. Kevin’s company, FreedomPay, has chosen to meet merchants on their level by offering a commerce platform that transforms existing payment systems and processes to comply with the regulations of other merchants and payment gateways universally.

“As a response to change, many companies are choosing commerce platforms that offer more flexibility with all partnerships required in a company’s tech stack. I recommend that companies remove themselves from the world of semi-integrated, standalone solutions and embrace a completely integrated world that is focused on all types of security on all channels.”

The Security Viewpoint

Candice Pressinger, Director of Customer Data Security, Elavon Europe

“It’s a good thing,” said Candice. “The SCA requirement is meant to keep things stable, especially in the unsure times we have just experienced. All users need to be aware of this extra step of security to create consistency.”

Candice remarked that the problem lays in friction in the payment journey for merchants like Mark. That’s because non-compliancy means declined transactions and lost sales. She stressed that 26% of customers will drop out of the payment journey if they experience friction, so it’s incredibly important for merchants to understand how SCA works to avoid losing customers. It’s also critical to implement fraud prevention measures to separate and eliminate the risky transactions from the safe ones.

The Technology Viewpoint

Mike Ryan, Director of Enterprise Payments, Sertifi

Mike explained that using 3-D Secure (3DS), a technical solution designed to deliver SCA on e-commerce transactions and leverage customer-initiated transactions wherever possible, is the easiest way to stay compliant. The solution allows chargeback liability to shift back onto the merchant, improves cost savings, supports card-not-present (CNP) transaction compliancy, increases approval rates, ensures chargeback protection, and overall enhances security.

Despite their different sentiments and experiences, the panel wholeheartedly agreed staying educated and creating easier secure solutions is a partnership across regulators, merchants, and acquirers.

To end the conversation, the panelists were asked what their one wish was for the future of SCA.

Mark: “I need to see something be given back as a merchant. We are not a merchant; we are a hotelier. We’ve spent so much money on the transition to SCA, and it would be nice for the pressure to be taken off our shoulders.”

Kevin: “All of the tools are there and easy to use. We must start to understand two-factor authentication quicker. It helps the merchants, it helps the customers, and a better experience is reflected. It’s something we should all be able to work on."

Candice: “We need to work together as an ecosystem to make payments a more positive experience for merchants and consumers.”

Mike: “This shouldn’t just be a merchant-level solution. The issuer needs to be supported more. If corporate cards are exempt, then let’s stop pushing them through the process at the issuer level. Let’s let the issuer take care of that for us. I would also like more awareness in the US. About 4% of people in the US know about SCA and use it and because of that missing knowledge comes friction.”