What is Strong Customer Authentication (SCA)
The new EU Payments Services Directive (PSD2) took effect in January 2018, bringing in new laws aimed at enhancing consumer rights and reducing online fraud.
A key element of PSD2 is the introduction of additional security authentications for online transactions over €30, known as Strong Customer Authentication (SCA). It means customers will no longer be able to checkout online using just their credit or debit card details, they will also need to provide an additional form of identification.
Why is SCA Needed?
Payment fraud losses have been steadily increasing for nearly a decade with little sign of easing. The European Commission has intervened by placing SCA requirements on participants to reduce fraud as one of the core components of PSD2.
Download our full SCA guide today which provides more details covering its use, key legislation and elements that businesses are required to adhere to. The full guide provides extensive information about what SCA means for your business, which can be extremely useful in making sure your payment systems are setup in the most effective way.
Please enter your email address to download this file.
Although the news headlines have been of a delay in implementation of Strong Customer Authentication, this is clearly an over-simplification. All advice within the market is for merchants to push ahead with preparations as soon as possible. We recommend that all merchants contact their acquirer to confirm what they need to do and when The likely impact of the change is hard to assess.
Face to Face Transactions
In the UK, the plan says that the Managed Rollout applies only to e-commerce, so these are in scope.
SCA will be required, typically this will be in the form of chip and pin, though potentially other methods if the card presented is on a phone app.
Contactless transactions are exempt provided that they are for under 50 Euros and cumulatively no more than 5 contactless transactions or 150 Euros worth have taken place since the last full SCA authentication.
Recurring transactions continue to cause confusion. What is known is recurring transactions for the same amount to the same merchant (e.g. subscriptions) are out of scope for SCA providing the first transaction took place using SCA and a separate contract is in place permitting the payments. These are termed Merchant Initiated Transactions (MITs).
Some allowance may be made where a second payment is collected perhaps as part of fulfilling an initial order, but there remains debate on how this will operate.