It’s just one part of one regulation in one region that addresses one business practice, but for Stripe, Strong Customer Authentication is a ticket to unlock markets across multiple business types.
“Payment authentication is becoming more important and that trend is to stay,” said Olivier Godement, SCA product manager at Stripe. “You have to make it easy to have good fraud protection without compromising experience.”
SCA is part of the European PSD2 standards, with the authentication piece going into effect in September. PSD2 is a broader rule governing data sharing between banks and third parties to provide consumers with more options and control over financial relationships and transaction flows, so a requirement for more vigorous authentication is just one piece.
SCA can be implemented as dual authentication that can be a combination of a password, device ID or biometric authentication. Dual authentication, “what you know” or “who you are,” has existed for years. But most recently it’s become a way to migrate away from passwords toward a system of ID security that’s more digital and portable.
But for Godement, SCA is much more than a sidebar to a larger law. Everyone will have to bow to SCA in some form as static password-based authentication falls out of vogue, and that means enabling SCA can benefit Stripe’s core business of providing tools for businesses to sell and receive payments online; and any other technology Stripe chooses to put on the stack such as merchant credit or installment payments.
“The scale of SCA is such that any merchant that sells to European customers has to adhere,” Godement said, estimating that could be as much as a million merchants. “That’s 1 million upgrades to the checkout flow that have to be done.”
Stripe’s strategy to compete for those merchants includes an
The company also recently agreed to acquire
Godement is anticipating these tools will be needed far beyond Europe.
The API and acquisition position Stripe to address bank security, including authentication for online banking logins, lending and bank payment rails. Much like the large-bank IT companies
“If the payment uses a bank’s protocols to authenticate a card payment, there is only so much the merchant can do,” Godement said. “If we help the merchant optimize the payment experience and the bank doesn’t have the right technology, it won’t be workable. We want to make sure we have a foot on both sides of the transaction.”
Stripe's core business of enabling payments helped the company draw a valuation of more than $20 billion, but the expansion of international e-commerce and online marketplaces, the larger mergers and the diversification of other fintechs like PayPal and Square require Stripe to broaden beyond payment acceptance.
“With a role on each side of the spectrum, Stripe is now in a unique position to orchestrate and curate all aspects of the SCA checkout experience for its merchant customers,” said Jordan McKee, research director for customer experience and commerce for retail payments at 451 Research. “Ultimately, by adding authentication capabilities for banks, Stripe is aiming to bring its SCA strategy full circle with the goal of further optimizing the checkout flow for its own merchant customers.”
To maximize the potential of the Touchtech deal, there is much work to be done to expand issuer adoption of Touchtech’s technology, McKee said. “However, backed by Stripe's resources and issuer relationships, Touchtech now has much better footing to drive market uptake.”
And given the likelihood of open banking and digital dynamic authentication becoming standard in most developed markets, the combination of merchant and financial identity is a necessity. The
“This move also puts Stripe in a unique position to serve other global markets that are preparing for regulations similar to SCA,” McKee said. “It's also worth considering how Touchtech may complement Stripe Issuing, Stripe’s recently launched issuer processor service.”
