Skip to content

The 5 key steps to prepare your subscription business for SCA

Andy Tweddle
Written by

Last editedApr 20234 min read

The key actions your business should consider taking, to make sure you're fully prepared when SCA comes into force in September 2019.

The road to SCA compliance

Strong Customer Authentication will come into force in September 2019* as part of the 2nd Payment Services Directive (PDS2). Time is quickly running out to make sure your subscription business is fully prepared for the raft of incoming changes.

Your business would be far from the only one not yet ready. In late 2018, a Mastercard survey found that  86% of online businesses in Europe were not yet SCA compliant, while 75% weren’t even aware of the upcoming legislation.

But ready or not, SCA is going to demand changes from all European subscription businesses (and those outside of it who collect from European customers). 

It can be hard to know  exactly what to do in preparation for the coming changes, so we’ve written a straightforward five-step process to give all your subscriptions the best chance of surviving SCA.

1. Get to grips with where, how and to what SCA applies

It seems somewhat obvious to say to you, while you’re reading an article about SCA, to spend time reading up on SCA. But without a full understanding of the parameters of the legislation, any other steps to preparation are doomed to fail.

  • If you know nothing about SCA, start with our two-minute introductory video to the topic.

  • If you want to know more about how it will specifically impact businesses with recurring revenue, take a look at this article.

  • For the most comprehensive take on SCA in one place, read our comprehensive guide.

Understanding where and when SCA does and does not apply, and where exemptions can be leveraged, is key to the next step on the road to SCA safety: mapping all of your payment flows.

The comprehensive guide to SCA

The comprehensive guide to SCA

Read the full guide

2. Map out your payment flows

When readying your business for SCA, it’s important to know all the ways your customers may potentially pay you, including the payment methods (e.g. credit card, Direct Debit etc.), the values of individual transactions, whether they are repeat payments, and whether those repeat payments can change in value.

Once you have gathered all this information, map out all of the payment flows available to your customers, and check them against available SCA exemptions. Where SCA exemptions are available to some of your payment flows, or where the transactions are entirely out of scope (such as paperless Direct Debit mandates), you will be able to minimise the amount of work needed to update your payment flows effectively.

When you have worked out which payments can be exempted, you’ll be left with a list of payment flows that will require SCA, and so will require technology, such as 3DS2, to facilitate that.

3. Communicate with your PSP(s)

Your ability to safeguard your conversion rates by implementing the necessary changes to your payment flows, while not harming the user experience during those payment journeys, will require a proactive payment services provider (PSP).

Many PSPs with a focus on online card transactions have built or are building 3DS2-enabled payment flows designed to reduce friction as much as possible.

Other PSPs, including GoCardless, offer alternatives to two-factor authentication by providing payment solutions out of scope from SCA.

The importance of a PSP that is itself ready for SCA should not be understated. In a May 2019 study by 451 Research, 60% of online businesses with a ‘proactive’ PSP feel confident they’ll be ready for the September deadline, compared to just 24% for those with a ‘passive’ PSP.

The key action to take when talking to a PSP is to request confirmation that it can facilitate your compliance. It may be able to handle this automatically, but make sure you ask if there are any manual steps you need to take.

4. Consider how to communicate SCA with customers

Online shoppers are torn between security and convenience. In a recent GoCardless survey of 4,000 online shoppers across Europe, 58% prioritised security over convenience. 

However, while 39% would feel safer if presented with more complex security processes when shopping online, 56% would feel suspicious and/or frustrated. Plus, 41% of shoppers had previously abandoned an online purchase.

What does this tell us? It shows that attitudes and actual behaviour do not always match, and your customers actions as a result of new information about SCA and checkout security.

On the other hand, In the UK for example, around one-third of consumers have no knowledge of upcoming changes resulting from SCA. Informing those customers of these changes in advance of them coming into effect could ensure a smooth transition when changes take effect because sudden unexpected changes to their purchasing experience could result in a conversion rate drop off. 

There is, unfortunately, no one-size-fits-all best approach here. You must decide which will be best received by your customers and present the lowest conversion rate risk - sending out SCA comms or not. It is, however, worth noting that by following the steps in this article, you can minimise the amount of friction at checkout that may lead to lowered conversion rates.

Exemptions and out of scope transactions were mentioned above as ways of reducing the workload when it comes to SCA, but what if you could avoid the headache of changing your payment flows altogether?

GoCardless and our use of Paperless Direct Debit mandates (which are out of scope for SCA) is a realistic way of achieving this.

And not only is this specific payment method good for your business, but it’s seen as a positive by customers across Europe and in many other markets as well.

In a recent YouGov survey of around 12,000 consumers, bank debit/Direct Debit was the most popular payment method for online subscriptions, instalments, household bills and traditional subscriptions across the six European markets surveyed (UK, France, Spain, Germany, Denmark and Sweden).

Hopefully, this guide will give you some clarity on how to begin your preparations, but if you want more detail and you’d like to know more about the situation for your business specifically, why not speak to one of our experts?

*Note: On 13 August 2019 the Financial Conduct Authority (FCA) confirmed that enforcement of SCA in the UK will include a phased 18-month implementation, starting on 14 September 2019 and ending March 2021. On 30 April 2020, an additional 6 months was granted in response to the exceptional COVID-19 circumstances, meaning the current deadline for implementation is 14 September 2021.

Over 85,000 businesses use GoCardless to get paid on time. Learn more about how you can improve payment processing at your business today.

Get StartedLearn More
Interested in automating the way you get paid? GoCardless can help
Interested in automating the way you get paid? GoCardless can help

Interested in automating the way you get paid? GoCardless can help

Contact sales