eCommerce Brexit realities

The payments community has a global scope and it's very important that everyone continues to work and collaborate within this community irrespective of outside turmoil. eCommerce is one of the driving forces that is forging a new world, bring people together and redefining the way we all work and play.

Brexit has finally happened, after what was an excruciatingly long process and the inevitable posturing on all sides. As important an event Brexit is, it was naturally overshadowed by the Covid-19 pandemic, in any case it is clear that Brexit has still managed to catch many unprepared.

At a time when Covid has left many businesses on their knees, what businesses and consumers need is business continuity and continued service, especially as eCommerce has emerged as one of the most powerful tools for surviving Covid.

eCommerce Brexit fulfillment and processing

eCommerce sites are busy dealing with new customs regulations that impact in particular physical goods crossing the newly re-instated borders. Long established relationships and customer loyalties have been frustrated and penalized by new fees and obstacles; businesses and customers on both sides of the divide have been left scrambling to find the best way forward.

A key part of eCommerce is Strong Customer Authentication which provides fraud prevention and protection of consumer and merchant rights. Th PDS2 mandate for SCA came into effect on the same day as Brexit. But in spite of the overlap, this does not exactly complicate things – on matters relating to security and consumer rights and the use of 3DSecure, there is no doubt that both the UK and the EU are currently in agreement. In fact, PSD2 regulations apply to the European Economic Area (EEA) and the UK too, which still remains part of the EEA.

Brexit postpones SCA

Possibly as a result of Covid or Brexit (or a combination of both), the UK has decided to postpone the mandate for the use of SCA from the 1st of January to the 14th of September 2021. This mandate means that Issuers will be required to decline a transaction if this transaction is not with 3DSecure to ensure strong customer Authentication.

British merchants should therefore be aware that even if the mandate comes into force in September for the UK, any transactions from outside the UK are immediately impacted because the regulation is already in place for them. Fortunately, there is some good news for them too, the use of 3DSecure Version 1 is well entrenched in Europe and the UK and version 1 satisfies the requirements of PSD2.

The UK is also differing from Europe by promoting the use of a flag that would signal that 3DSecure is not available; this flag would allow banks to accept an exemption from SCA in order to keep transactions processing during an outage. At the moment this initiative is only being considered in the UK and will be restricted to UK Acquirers and Issuers.

3DSecure Version 1 versus Version 2

While 3DSecure Version 1 satisfies PSD2, it lacks the flexibility to cater for special cases such as merchant-initiated transactions; Version 2 also provides a better customer experience thanks to its Risk Based, friction-less authentication features. An enhance consumer experience is very much as the heart of Version 2.