How to Communicate SCA Updates and Changes in the Customer Journey to Your Online Shoppers

2Checkout (now Verifone)
8 min readAug 26, 2021

The changes and enhancements to the European Secure Customer Authentication rules, known as PSD2, are making buying and selling online even more secure.

Compliance issues for banks and businesses caused the deadline to be pushed back to December 2020 and is now in full effect. While some countries have pushed their timing back even further to the fall of 2021, there is still a lot of confusion and frustration that comes along with the new advanced security measures.

In order to prevent fraud, the new rules will cause customers to go through an extra validation step at checkout. There are some exceptions including white-listed, low cost, recurring, and secure corporate transactions, but for the most part both customers and merchants now have to get used to the changes in checkout flow.

There are two routes that consumers can be funneled into with PSD2 in effect. The first is a frictionless flow that will feel similar to the previous experience that customers are used to when shopping online, where the authentication process takes place behind the scenes without any extra input from the customer. The end-goal of 3Dsecure 2.0 verifications mandated by PSD2 is to improve the user experience through these frictionless flows, although transactions with higher risk associated require extra steps.

The other route is the challenge flow, where the customer is required to authenticate their information to ensure that they are who they say they are in order to process online purchases. Whereas in the past a code sent to the customer would need to be entered, now there are other different options for people to authenticate themselves, with the use of biometrics or previously-know passwords.

Why customers are frustrated

The frustration for customers having to go through challenge flows at the checkout are due to a variety of factors. The inconvenience and effort that it takes to make a purchase using multiple authentication measures can be enough for many to decide against the purchase all together.

A FICO poll concluded that 54% of British consumers are fine with the amount of security checks that are already taking place. The fact that users do not yet report a lot of pushback with security protocols they have to go through for online payments may signal that many of them may not be aware yet of the need for additional authentication.

Ultimately, the adaptation and acceptance rate for the PSD2 security measures will have everything to do with how fast banks are able to integrate and roll out new security protocols generated from tech innovations. With the rapid development within the fintech industry, customers are used to a simple and streamlined shopping experience, especially when it comes to online purchases.

But it’s been no easy task for banks, as many of them have found it challenging to implement new exemptions into their systems, which has caused some disruption on the market and a rise in failed authorizations.

Rely on email communication

With so many changes for the customer checkout process occurring, fears over checkout dropoff rates have risen. An analysis on four European countries in January-February 2021 found that 26% of all 3DS challenges failed authentications. As a rule, merchants want the buying process and customer experience to be as simple as possible.

Requiring more effort from consumers to make purchases through authenticating their payment methods has already begun to deter customers at checkout. In order to reduce the likelihood of cart abandonment, it is imperative that merchants are proactive in their efforts to communicate new checkout processes.

There are many ways that consumers come into contact with the brands that they buy from including blogs, social media posts and messaging apps, however, email communication is the number one way that merchants can communicate the changes that are being made.

When communicating SCA updates to clients, be sure to direct them in the right place should they experience issues. A good rule of thumb is to recommend approaching the shopper’s own issuing bank with these problems, as SCA authorizations are frequently requested by that party. Don’t forget to remind the customer to ask their bank whether their account has already been enrolled in 3DS2 flows, as checkout problems can arise if the shopper’s card is not in the scheme yet or if the bank has not properly integrated their SCA flows.

Another good practice is to remind shoppers of other alternative payment methods that your merchant store includes — like PayPal or Apple Pay — which are guaranteed to offer predictable checkout experiences for shoppers.

Don’t forget to also reassure the user that, if the 3DS authentication failed in a transaction, then no funds were nor will be withdrawn from the customer’s account.

The key to ensuring that this important information is well received is using attention grabbing methods in your emails that both inform the customer and put them at ease. New marketing trends like using rich multimedia and sending more interactive emails can boost clicks and get more customers to take the time to read and understand how PSD2 will positively affect their buying experience.

Educating customers on new SCA flows does not fall solely on merchants, as banks themselves are responsible for communicating what has changed in the authorization process and how this has impacted the customer experience. While some banks are handling this properly, others less so. Different banks are resorting to different implementation methods and communication of changes has not yet occurred in all markets. Merchants have thus found themselves in need to step up and educate customers themselves in lack of official bank communication, in an effort to combat dropoff rates.

Assure customers of your security protocols

As with all changes and implementations that affect our normal routines, there has been significant frustration in consumers as authentication strategies become stricter. The pushback that merchants and banks are experiencing is not because customers don’t want more security, but because most of them are unaware of how important authentication measures are and the risks that are involved with shopping online.

Ecommerce software allows making and accepting payments online to be very easy, and customers have come to know the checkout process as it is. This means that hackers have also become more familiar with the checkout process and weaknesses in security therein.

With more people becoming comfortable with sharing their information with businesses online, the need for payment software that comes with authentication measures such as PCI-DSS certification is imperative. This protects our most valuable pieces of information and adds a layer of trust in the buyer-seller relationship, ensuring that customers feel safe and secure when buying your products and services online.

Despite the frustration that SCA can cause for merchants and customers, the need for more security in online transactions has been central to the development of PSD2. The best way to keep accounts secure is for the customer to authenticate using a combination of identifying factors. Some identification methods include using a password or a pin, having a message sent to a phone number or email address, and biometrics such as fingerprints or facial recognition.

Unfortunately, business owners are stuck in between the need to provide seamless customer service and the need to ensure the security of transactions no matter what payment method is being used. Maintaining compliance with PSD2 protects your payment system, and also can increase conversion rates when customers are educated and informed about the value of the authentication process.

Use content marketing to communicate updates

It is not too late for online businesses to get on board with new content marketing techniques to help customers transition into the new authentication process. Increasing the visibility of campaigns by reaching audiences through email, blogs, social media, and other content marketing techniques is the first step in the customer journey with your brand. Deciding on what form of content marketing will work best for your audience and your business is a process of analyzing your customers response to different marketing strategies.

Content marketing uses imagery and language to relate to customers through social media, email, site updates, blogs and messaging apps. Getting the attention of your customers in a way that is comforting and engaging involves more than just a post here or there. Focus on creating a content experience that works together as whole. Creating a dynamic content marketing experience will help keep your audience engaged so that they can receive the information they need to have a great experience on your website.

Improving your communication strategy helps to give your existing (and potential) customers the peace of mind they need to comply with the new SCA guidelines. Business owners will need to create content pieces to communicate why the extra layer of security is beneficial for them and help them understand how the process will work.

Automate customer service

Consumers are becoming more accustomed to interacting with various forms of AI when conducting business online. Chatbots started out only being used for very specific purposes, but are now capable of handling even complex customer service issues. In fact, 47% of online buyers find that chatbots are an invaluable resource. Have a chatbot available through email, messaging apps, or on your landing page so that customers can get immediate answers to their questions regarding SCA.

Another idea is to include a list of Frequently Asked Questions, either in the chatbot or directly on the landing page, so that users have fast easy access to the main queries related to new checkout authentication protocols. Some of the questions your FAQ section can touch on include:

  • What is 3D Secure 2.0 and how does it help me?
  • What are the benefits of 3D Secure?
  • Can my transaction be canceled?
  • How do I know my transaction went through?
  • What happens if I have a recurring subscription?
  • How many attempts are permitted before I’m locked out?


With eCommerce rapidly growing as more people spend their money online, the need for updated security measures has become more necessary than ever before. Your customers are having to quickly adapt to their environment as the products and services they rely on move to online. Although there are many new struggles cropping up as PSD2 takes effect, this is a great opportunity for merchants to build trust with their customers and ease the checkout process by efficiently communicating the changes being made.

Your customers receive tens, maybe hundreds of emails each day, so it is important to utilize content marketing tools to grab their attention so they can absorb what you have to say. Keeping the security and protection of your customer’s most valuable information at the center of your PSD2 messaging will strengthen your relationship with your existing customers and attract new customers to your brand.

For more details on what has changed with the enforcement of PSD2, please review our dedicated guide here.



2Checkout (now Verifone)

2Checkout (now Verifone) is the leading all-in-one monetization platform for global businesses built to help clients drive sales growth across channels.