This month sees the roll out of the Strong Customer Authentication (SCA) regulation across Europe. Admittedly, while it’s not the juiciest of topics to read about, it is something that all non-profit organisations need to be aware of. If your charity accepts payments online for anything including donations, paid event registrations, memberships and sponsorships, then you need to be prepared to understand the new regulation.
In simple terms, SCA adds more layers of authentication to protect from fraud. For all transactions over £30, the online authentication will now require two or more of the following:
- Something you know, such as a password or a secret fact
- Something you own, such as a mobile phone number or token
- Something you are, such as a fingerprint or voice pattern
Although this means that supporters will need to answer more questions before they can give their donation or pay their membership fee, it also aims to ensure fewer instances of fraud and therefore provide a better experience for all involved in the long run.
Learning about SCA and preparing for its arrival may remind many organisations of the preparation for General Data Protection Regulation (GDPR) last year. While similar in terms of being another complex regulation to read about, understand and be aware of, in fact GDPR was a much bigger obstacle to tackle. As many organisations are well aware, the rollout of GDPR involved ensuring that all data used by the organisation was compliant and putting processes in place for future compliance.
When we asked respondents to our Status of UK Fundraising 2018 benchmark report, 35% told us they were concerned about the potential impact that GDPR would have on fundraising. GDPR introduced significant changes for the sector, and also significant penalties for getting it wrong.
However, in the latest Status of UK Fundraising report, released in June, findings showed that in fact the whole process of implementing GDPR had been much less painful than initially imaged:
- 77% of respondents said that GDPR had made them think differently about their engagement strategies
- 51% said GDPR had not led them to lose significant numbers of supporters
- 22% even said that GDPR had been a positive thing for their organisation
Looking back, it’s easy to see why the prospect of GDPR was daunting, but with the benefit of hindsight it’s clear that the key to successfully navigating it was knowledge and preparation.
Learning from this, the best way to handle the introduction of SCA is to, as the Scouts say, be prepared.