On the 14th September, the EU’s Second Payment Services Directive comes into effect, changing the way in which all customer to business transactions are processed. Regardless of the Brexit outcome, this new law will have an impact on all organisations with online payments operations.
Edward MacWhirter, Managing Director of Museum Shops Ltd – an online marketplace dedicated to supporting the work of Museums by growing retail sales and bringing gift shops to a wider audience – has written the following tips and article to help AIM members prepare for this change.
So What Does Becoming Strong Customer Authentication Compliance (SCA) Compliant Involve?
Essentially banks may at their discretion demand additional verification details from the customer when they make a purchase, specifically two out of the three following.
Something the customer knows (a password or PIN)
Something the customer has (a phone or computer for verification texts or emails)
Something the customer is (fingerprint or phone recognition)
If a website cannot collect this data from the customer there is a substantial risk that the transaction may not be approved by the bank.
There are exemptions in place for small transactions but even so, authentication may still be required.
If, for example, a customer has not purchased from you before or has no history of online purchases an SCA request may be triggered. The first online payment of a regular fixed amount membership subscription is also virtually guaranteed to have SCA applied to it.
How Can Museums Prepare For The Introduction Of SCA?
Currently the most common way of authenticating a transaction is a system called 3D Secure which you will almost certainly have seen at some point when making an online purchase.
This will shortly be replaced by the imaginatively named 3D Secure 2, which will handle the new authentication requirements.
In order to become SCA compliant your ecommerce website software will require recoding to facilitate the new protocol, something that will prove a challenge for older websites will prove a challenge owing to software compatibility requirements.
Museum Shops uses Stripe as a payment gateway and will provide a fully SCA compliant shop on a continuously updated platform. Opening a Seller account on Museum Shops is free and can be done in a few quick steps.
We don’t charge listing fees or ongoing monthly fees just a 10% commission and the standard card payment fee when you make a sale. Just six months since launching and we are already on track for 35,000 pageviews by the end of our first year, delivering customers via our marketplace to our partners products.
Even with a no-deal Brexit, the SCA Directive is likely to remain in effect unless and until amended by UK law, a substantive change being unlikely due to the enhanced level of customer protection provided.
It is therefore essential that all Museums making online sales, whether tickets, memberships or retail, be ready to meet the deadline on 14th September or risk having transactions declined.
A Note On Compliance
Lastly a final important note on compliance; Terms and conditions and in particular a refunds policy are a legal requirement (links to the relevant information are included below).
Too many Museums operate online shops without these in place and are therefore operating outside the law. It isn’t likely that the government will check compliance, but if a dispute with a customer occurs then it will be your organisation that will be left legally exposed.
Museum Shops provides a full Terms & Conditions and Refunds policy template (including WEEE and Accessibility clauses) to all account holders, providing the tools to our partners to trade safely.
For SCA compliance advice or to enquire about joining Museum Shops, please get in touch via [email protected].
Useful Links
Museum Shops Twitter: @museumshopsuk
Online and distance selling
Accepting returns and giving refunds: the law