SCA and its effect on shopping cart abandonment

Updated: 8 October 2021 • Reading time: 9 minutes

We already discussed the definition of Strong Customer Authentication (SCA) when it was a brand new requirement introduced for payment service providers by PSD2 (the revised Payment Services Directive of the EU and EEA), established to make all electronic payments more secure through multi-factor authentication. Since then many things have changed, especially in the UK.

Strong customer authentication in the UK after Brexit

Since the UK is no longer part of the EU, slightly different rules apply to the enforcement of SCA compliance there. For example, SCA for Ecommerce in the countries of the European Economic Area needed to be enforced by January 1st, 2021, while in the UK the deadline is different, even though Strong Customer Authentication is already enforced for many other electronic transactions in the UK and the rest of the world.

Initially, strong customer authentication in the UK was supposed to be in place by March 2021, but the deadline was extended by the Financial Conduct Authority due to the COVID emergency and Brexit. By September 15th, 2021, payment service providers, Ecommerce merchants and payment gateways need to be ready for SCA compliance.

The first question that comes to mind about SCA for credit cards is how it will affect frictionless payment. Are frictionless transactions under threat now that SCA is obligatory and an extra step is introduced at the checkout?

Many merchants, especially those that operate at an international level where SCA is obligatory, are afraid that SCA compliance, with its additional security measures, will add friction at the checkout and result in a significant drop in conversions. However, multi-factor authentication doesn't necessarily mean fewer transactions, since unregistered users, who usually cause a high drop-off, are the ones that don't purchase in the end, whether the transaction is frictionless or not.

Still, safety and security might cost businesses a higher cart abandonment rate for Ecommerce, travel and digital goods. What can be done to prevent it? This is where smart use of different payment methods and maximising SCA exemptions come into play, in order to safeguard the conversion rate and the business's growth.

Payment methods play a crucial role. Electronic instant payments and bank transfers are the payment methods that require SCA compliance. Direct debits, for instance, are carried out without the involvement of the customer's bank at the moment the transaction takes place, thanks to the bank's prior approval. They are not subject to SCA, since this payment method is considered more fraud-resistant than a credit/debit card payment, which has to be SCA compliant.

What payment can be excluded from SCA?

Since 2018, when we last talked about it, SCA exemptions and their conditions have expanded and become more specific. Inter-regional transactions, in which the issuer or the acquirer resides outside Europe, are now in a gray area, even though there are plans to enforce payment SCA worldwide. Even when both parties reside outside the EEA, complying with SCA is still strongly suggested, but it is not required yet.

For now, there are 10 categories of transactions that qualify for PSD2 SCA exemption in the EEA and the UK starting this September:

  • Transaction risk analysis (TRA): the analysis classifies the transaction as low risk and the amount is under €100/€250/€500, depending on the fraud rates of the banks and PSPs. The categorisation of transactions happens in real time, so there is no delay or added friction for the customer. It would make sense, however, to introduce an exemption for payment service providers and banks that don't want to apply SCA to payments but want to adopt an effective risk management and fraud prevention solution based on machine learning and the latest technology, which would ensure the customers' safety and would make SCA protection redundant. However, no risk-based full SCA exemption exists at this moment.
  • Online micropayments, that is, low-value transactions. What is considered low value is individual to every provider and/or bank, but it is usually less than €30 in the EU. In addition, the last authentication must have taken place less than 5 transactions ago, and less than €100 must have been spent overall without authentication. If one of these conditions is not met, the SCA exemption will not be valid for that micro transaction.
  • Trusted Beneficiaries: trusted companies whitelisted by the customer through their Account Servicing Payment Service Provider (ASPSP). In this case only the first transaction requires SCA compliance. However, the adoption process has been slow among banks so far, and not many banks support this feature. Another limitation is on the merchants' side: they would need to communicate their IBAN to be whitelisted, and not all merchants are ready to do that. They also still depend on the bank to give customers the opportunity to add them to their Trusted Beneficiary List. Once the list is modified, SCA will be required once again.
  • Certain recurring transactions, such as subscriptions at a fixed price. SCA compliance for recurring payments depends on the value, frequency and other factors. But even if SCA is obligatory, it will most likely be required only during the first transaction and during subscription renewals, if they take place, or if the price and/or frequency of the transaction changes. To sum up, SCA applies only to the first payment if the recurring payment is made at the same frequency and always for the same amount, as in subscription and membership payments or installment payments. However, if the recurring payment is made through an invoice with a different amount transferred each time, SCA applies to each transaction.
  • Merchant-initiated transactions, which include subscription fees with variable pricing. The customer doesn't even have to be present, because of the authority the customer has given to the merchant. Therefore, this type of payment is out of the scope of payment SCA. However, the bank has the last word on whether SCA should be applied or not. Also, this type of transaction cannot be made if the customer hasn't presented a mandate authorising the merchant to use the card. This is the most common transaction in companies that have a business model based on delayed payments.
  • Secure Corporate Payments: payments made with “lodged cards” used for B2B payments by legal persons who are non-consumers, since there is no use of a dynamic link in the payment process, as there is for consumers.
  • Contactless payments at points of sale of €50, as well as cumulative payments in a row under €150 or less than 5 subsequent payments. Otherwise, strong customer authentication is required.
  • MOTO payments (Mail Order and Telephone Orders), when the card details are collected over the phone. Keep in mind that to accept MOTO payments a business needs to be PCI-compliant.
  • Transportation and parking payments.
  • Credit transfers within the same bank, if the bank decides so.

What is important to highlight regarding SCA exemptions is that banks are not obliged to support them. They have the authority to apply SCA even if the transaction qualifies for an exemption or the merchant’s PSP supports it, and they can still enforce it if they wish.

A question that comes up often where safe transactions and SCA are concerned is about the security protocols of payment circuits like Visa, Mastercard and others. We therefore pose and answer the following question.
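The counter-based conditions in the micropayment and contactless items, together with the bank's right to apply SCA anyway, can be sketched as follows. This is an added example, not code from Axerve or any PSP: the names `LIMITS`, `CounterState`, `evaluate` and `replay` are hypothetical, and it assumes that limits are strict "less than" comparisons, that the cumulative check includes the current payment, and that a requested SCA always succeeds.

```python
from dataclasses import dataclass
from decimal import Decimal

# Limits as quoted in the article, in EUR:
# (per-payment limit, cumulative limit, payments allowed since last SCA)
LIMITS = {
    "low_value_remote": (Decimal("30"), Decimal("100"), 5),
    "contactless": (Decimal("50"), Decimal("150"), 5),
}

@dataclass
class CounterState:
    """Running totals since the cardholder's last strong authentication."""
    count: int = 0
    total: Decimal = Decimal("0")

def evaluate(kind, amount, state, issuer_forces_sca=False):
    """Return (sca_required, reason) and update the counters in place.

    Assumptions: limits are strict, the cumulative check includes the
    current payment, and a requested SCA always succeeds (counters reset).
    """
    per_payment, cumulative, max_count = LIMITS[kind]
    if issuer_forces_sca:
        reason = "issuer chose to apply SCA despite the exemption"
    elif amount >= per_payment:
        reason = "amount not below the per-payment limit"
    elif state.count >= max_count:
        reason = "too many payments since the last SCA"
    elif state.total + amount >= cumulative:
        reason = "cumulative spend without SCA not below the limit"
    else:
        state.count += 1
        state.total += amount
        return False, "exempt"
    state.count, state.total = 0, Decimal("0")  # SCA done: counters restart
    return True, reason

def replay(kind, amounts):
    """Run constructed sample payments through one cardholder's counters."""
    state = CounterState()
    return [evaluate(kind, Decimal(a), state)[0] for a in amounts]

if __name__ == "__main__":
    # Constructed sample data: six EUR 10 online payments in a row.
    print(replay("low_value_remote", ["10"] * 6))
```

Whether a limit is strict or inclusive, and whether the current payment counts toward the cumulative total, differs between providers, so confirm both with your PSP before relying on such a check.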

Is 3DS2 mandatory?

Yes, it is, to put it simply. However, for now this applies in the EEA only, in order to comply with the European SCA regulation. Merchants outside of Europe are nonetheless strongly encouraged to implement the latest version of the protocol, 3DS2 (3D Secure 2.X), in the near future to help with fraud prevention and customer experience. In theory, 3DS2 is not actually made obligatory by the PSD2 regulation, but it was identified by the payment industry as a tool to enable compliance with the regulations, for two main reasons:

  1. To allow multi-factor authentication;
  2. To allow the management of SCA exemptions.

Issuers will have to implement the right tools to manage exemptions and to categorise those transactions that can be carried out with SCA. So, the way merchants set up 3D Secure 2.0 depends on their payment service provider. The same goes for the charges for 3DS2: they depend on the PSP, and the implementation charges and extra costs likewise depend on the provider you are with.

Each issuing PSP has to select the factors to use in authentication and to combine them in different ways to ensure further protection for users. Another obligation that SCA places on payment service providers is communication with merchants: the whole process of implementing SCA and the approach that the PSP wants to adopt must be communicated to the merchant.

The UK is the leader in Europe in the percentage of transactions authenticated with 3DS2². 92% of transactions were authenticated in May 2021 (+5% from January 2021), while Germany is at 73%, Italy at 67% and Belgium at only 59%.

 

Why is shopping cart abandonment a problem for retailers?

The problem, of course, is not shopping cart abandonment per se. Simply put, the problem for merchants is the effect of shopping cart abandonment on the business: lower conversions and, as a result, lower revenue. In essence, every abandoned cart is a purchase that could have happened but didn’t, and a customer journey that wasn’t completed. The problem for retailers is that this rate is huge all around the world. According to SaleCycle’s report³, which analyzed 500 global brands, Europe is the region with the lowest shopping cart abandonment rate, and even there it is at 81.5%, while the highest rate is in the Middle East and Africa at almost 91%. As a merchant, you should keep an eye on any increase in the shopping cart abandonment rate in your business, conduct analysis and research the average rate in your industry and region, so that abandoned carts do not become a problem with a high impact on your margins. It is also very important to get in contact with your payment partner, make sure the solution you are using for your Ecommerce is the optimal one and consider integrating a Payment Orchestration platform, which is useful in reducing the shopping cart abandonment rate.

To learn how to deal with shopping cart abandonment and its reasons, in order to give your customers a frictionless payment experience, SCA compliant or not, read our next article on abandoned carts: Shopping cart abandonment: reasons and solutions.

Sources

1. Ensuring UK SCA compliance and minimising customer impact, UK Finance, July 2020
2. Innovative Payments, Digital Innovation Observatories Polytechnic University of Milan, May 2021
3. The 2020 Ecommerce Stats Report, SaleCycle, 2020
