On the website of UK Finance, the trade group representing British banks and financial firms, a timer counts down the seconds until new rules come into force that could affect billions of card transactions each month.
The slightly ominous visual reflects the importance that the industry has attached to new rules known as strong customer authentication — and highlights the danger of what could happen if firms aren’t ready in time.
SCA is a key part of efforts to reduce the risk of payments fraud — a goal which is more important than ever after the pandemic accelerated the shift away from cash. But companies and trade groups have been warning for several years that the rules could derail online commerce if they are not implemented effectively.
Indeed in the EU, where the rules are already beginning to be enforced, card decline rates are rising. Officials and payments executives are now scrambling to work out the kinks to avoid any similar issues in the UK, but not everyone is confident.
“I’m not convinced that there’s going to be any significant progress because the same systemic problems that sit at the heart of this still remain,” said Paul Rodgers, chair of industry group Vendorcom and a former panel member at the UK’s Payment Systems Regulator.
At its most basic level, SCA requires customers to go through an extra layer of authentication to prove their identity when making purchases, such as entering a one-time passcode or scanning a thumbprint. It sounds simple enough, but the change requires coordination between card networks, card-issuing banks and merchants.
“Communicating anything clear and consistent to merchants is a very difficult challenge because there’s almost as many subtle differences [between different banks] as there are issuing banks,” Rodgers explained. “That then means it is almost impossible for the merchants to communicate with customers about what experience they will find.”
Even if that coordination happens seamlessly, there are myriad other potential issues, including that banks do not have up-to-date contact details for millions of consumers, and customers could be unable to make purchases if they forget a password or enter a cellular reception dead zone.
The rules were originally due to come into force in 2019, but they’ve been repeatedly delayed. Last month the UK’s Financial Conduct Authority pushed back its deadline yet again to March 2022 to give the industry more time to prepare, but EU members have been gradually rolling out the changes for several months.
Payments consultancy CMSPI estimated that in April an average of 30 per cent of transactions that used new security standards were abandoned or declined when consumers were challenged to provide extra authentication.
One official who is working on the UK’s preparations said they believed decline rates across the EU were in the mid teens — less severe than CMSPI’s estimates, but still enough to be a serious problem if the new rule was applied to all the billions of card transactions that take place each month.
Matt Henderson, Stripe’s business lead for Europe, Middle East and Africa, said: “The worst case scenario of mass failed payments has so far been avoided as local regulators have taken a gradual approach to enforcement. But still some payments are failing unnecessarily as merchants and issuers get to grips with the new regulations.”
High decline rates could be particularly damaging in the UK, which is more reliant on debit and credit cards than most of Europe. Officials hope the delayed roll-out date will help them avoid the worst of the problems. They are also putting more emphasis on biometric authentication methods rather than “knowledge”-based methods such as passwords, which could ironically create new opportunities for fraud as criminals attempt to steal consumers’ information.
With concerns unlikely to disappear entirely, the countdown could also create opportunities for alternative types of payment that have struggled to get off the ground in the UK.
Account-to-account payments, for example, use open banking to bypass card networks. Rodgers said many had failed to make a convincing argument for why they would be preferable to existing payment methods, but said an increase in problems with card payments could make them more attractive.
More stories from the industry that caught our eye this week
Visa/Tink: If at first you don’t succeed Card giant Visa clearly sees the potential in open banking technology to be a game changer in payments markets. Last week it agreed a €1.8bn deal to buy Swedish open banking specialist Tink, less than six months after an attempt to buy Tink’s rival Plaid fell apart. Thursday’s announcement suggested Visa had learned some lessons from the first effort, which was blocked by US regulators who believed Visa was trying to eliminate a potential future competitor. Despite paying more than double what Tink was valued at last December, Visa was keen to stress that Tink was just one among hundreds of providers in Europe.
Two of Germany’s largest fintechs merge It has been a busy month for fintech M&A. Following Visa’s acquisition of Tink last week and JPMorgan’s purchase of Nutmeg the week before, German start-ups and longtime rivals Raisin and Deposit Solutions announced they would combine to create Raisin DS. Raisin operates a consumer-facing savings marketplace that lets savers open accounts with different banks around Europe, while Deposit Solutions provides white label technology to other banks allowing them to offer their own deposit marketplaces.
Crypto Corner: Regulatory crackdowns gather pace The institutional backlash against digital currencies accelerated last week. First up the Bank for International Settlements, the central bank for central banks, published a report arguing that both cryptocurrencies and their more respectable cousins, stablecoins, “tend to work against the public good”. And in case strongly-worded reports from the likes of the BIS and the Basel Committee on Banking Supervision left any room for doubt that regulators are not keen on crypto, a series of concrete interventions later in the week made the position even clearer. In South Korea, the government seized $47m worth of crypto assets from 12,000 people who had been accused of dodging taxes, while the UK’s financial regulator ordered Binance, one of the world’s largest crypto exchanges, to cease all regulated activities in the UK.
Stay up to date with up-and-coming disrupters. Each week we ask a fast-growing fintech to introduce themselves and explain what makes them stand out in a crowded industry. This week we spoke to Lewis Liu, co-founder and CEO of Eigen Technologies, which uses artificial intelligence to help financial firms get usable data from documents, and which is now used by 40 per cent of the world’s largest banks.
When were you founded? 2015
Where are you based? New York, London and Lisbon
Who are your founders? I started Eigen with my founding investor, Jonathan Feuer [former managing partner at private equity group CVC Capital Partners]
What do you sell, and who do you sell it to? A document processing platform that enables clients to quickly and precisely extract information from unstructured data sources such as contracts.
How did you get started? I developed Eigen’s original technology by leveraging insights from my PhD, where I invented a new class of X-ray lasers. Combining this and my experience serving banks during the global financial crisis, I created a sequential pattern matching algorithm to extract data points out of complex documents.
How much money have you raised so far? $60m
What’s your most recent valuation? Not disclosed, but it’s in the multiple hundreds of millions range.
Who are your major shareholders? Goldman Sachs, Temasek, Lakestar, Dawn Capital and ING are our major shareholders, along with myself and Jonathan.
There are lots of fintechs out there — what makes you so special? We pioneered “Small Data AI”. Our platform is unique in requiring very low training data inputs, only two to 50 documents, to build a machine learning model.