Using ML to comply with SCA requirements
For a long time we’ve applied machine learning (ML) to different points in the payments journey: it’s how Stripe Radar blocks fraud and Adaptive Acceptance determines the best authorization pathways. But payment processing is flexible with nearly infinite optimizations, and more recently we’ve harnessed advances in ML to refine a much wider set of decision points in the payments flow.
This includes applying ML to the way we navigate Strong Customer Authentication (SCA) regulations for card transactions in the European Economic Area and the United Kingdom, which mandate two-factor authentication for electronic transactions. We began this work as an experiment and made it generally available five months ago at Stripe Sessions as part of Stripe’s authentication engine. Since then, the results have been striking: the number of two-factor identification challenges shown to your customers has decreased by 20%, while fraud has declined by 8% on average for card transactions eligible for exemptions.
SCA might seem like it creates a simple choice that doesn’t require ML: either request two-factor authentication or don’t. But there’s a lot of complexity beneath the surface, particularly because there’s room to make decisions on more than 20 considerations related to authentication and SCA exemptions. Transactions that qualify for an SCA exemption are eligible to bypass authentication, meaning the customer doesn’t need to do anything further for the transaction to proceed. This can boost conversion and translate into more revenue. That makes choosing the best way to comply with SCA a key question for businesses—where the right answer can vary based on your business goals and profile.
Stripe’s authentication engine requests applicable SCA exemptions on your behalf, to reduce cardholder friction while improving fraud and meeting SCA requirements. Under the hood, the authentication engine is an ML model trained on fraud and conversion outcomes from hundreds of millions of historical transactions. For each of those transactions, it takes into account hundreds of variables ranging from authentication-specific outcomes (such as challenge success rate and the probability of frictionless authorization being granted) to charge-level fraud risk. When presented with a new transaction, the model pattern-matches against this historical data and requests the specific authentication decisions that optimize across conversion, fraud risk, and cost.
Since its launch, the authentication engine has significantly improved SCA outcomes for Stripe users. This means more legitimate transactions are proceeding faster, while fewer fraudulent ones are sneaking through—resulting in more revenue for you.
We retrain and deploy a new version of the model every few weeks, adding new features, and ensuring that we’re optimizing for the latest changes in network and issuer behavior. As a result of these continual improvements, the authentication engine’s average authorization rate has improved by 61 basis points since its launch. We’ll continue to improve the SCA model to ensure that you obtain optimal outcomes that balance conversion with fraud risk.
Read our guide to learn more about SCA.