Any international company that has ‘1 leg out transactions’, meaning they are physically based outwith the European economic zone but deal with customers within this region, are required under PSD2 to apply authentication measures to payments and transactions. Due to this, despite perhaps not being required by regulations in their country of origin, they have started looking into implementing authentication measures for all transactions (not just those dealing with European customers to meet PSD2 compliance). The benefit is, of course, a reduction in fraud rates.
Many countries are following suit with regulations to introduce their own version of SCA for online payments. Brazil, for example, already has two-factor authentication for domestically issued cards. Similar initiatives exist in India, Australia and South Africa (each having its own exemptions based on what they deem to be acceptable levels of risk - i.e. authentication is only required for transactions above a certain threshold). Japan is also planning to introduce their own version of SCA.
Africa is a unique example, showing the contrasts of how SCA can succeed, or be a perceived hindrance, due to the very nature of payments in the country. Although countries like Kenya are showing innovation in fintech companies introducing SCA measures, in Nigeria, mobile payments are immensely popular. Such payments are often performed through 2G phone networks, without the need for an internet connection - making the task of effective authentication of users more difficult. The major concern for African merchants is that any SCA measures are causing friction for customers and impacting conversions. Despite a rise in e-payments, it must be remembered that cash still holds the top spot for daily payments and transactions across Africa. eCommerce will grow here over the next 5 years, so effective authentication measures must meet the challenges of ensuring frictionless experiences while keeping fraud rates to a minimum.