Strong Customer Authentication (SCA)

On 14 September 2019, the second Payment Services Directive (PSD2) will extend to online payments, and new requirements for authenticating online payments will be put into place. In this short post, we’ll introduce these new requirements, known as Strong Customer Authentication (SCA).

What is Strong Customer Authentication?

To make online payments more secure for customers and reduce fraud around the world, Strong Customer Authentication (SCA) is being introduced in Europe as a regulatory measure.

Payments from companies whose payment systems do not meet the new SCA criteria will be declined by the customers’ banks. Enforcement of SCA is expected to be gradual, but it is likely that some banks will start requesting two-factor authentication on 14 September. A failed authentication will lead to the bank declining the payment.

When is Strong Customer Authentication required?

The new SCA measures will apply to online payments that are initiated by customers within Europe. As a direct result, most card payments and all bank transfers will need to meet SCA criteria and checks. Recurring direct debits, however, are considered ‘merchant-initiated’, which means they will not require strong authentication. In-person card payments are not affected by this new regulation, with the exception of contactless payments.

For these requirements to apply to an online card payment, both the business and the cardholder’s bank involved in the transaction need to be located in the European Economic Area (EEA).

How to authenticate a payment

To date, 3D Secure is the common way to authenticate online card payments. 3D Secure is an authentication standard that is adopted by the majority of European cards. It usually adds an extra step after the checkout process, during which the cardholder is required to provide additional information to complete the payment. This information is requested by their bank. Examples of such requests include a one-time code sent to the customer’s phone, or a fingerprint authentication that takes place via their mobile banking app.

The new version of this authentication protocol is 3D Secure 2. It is rolling out in 2019 and will become the primary authentication method for online card payments that meets the new SCA criteria. It introduces a better customer experience that will reduce some of the time needed for a successful authentication to take place, thereby improving checkout flow.

Some popular card-based payment methods, like Apple Pay or Google Pay, already support these payment flows via a layer of authentication such as biometric or password-based authentication. These offer great solutions for businesses who seek to offer frictionless checkout experiences while still needing to meet the new payment security requirements.
