What is SCA?
Strong customer authentication (SCA) is a requirement of the EU Payment Services Directive (PSD2) on payment service providers within the European Economic Area.
The requirement ensures that electronic payments are performed with multi-factor authentication (an additional authentication element is necessary), to increase the security of electronic payments.
Physical card transactions already commonly have what could be considered strong customer authentication in the EU (Card Chip and PIN code), but this has not generally been true for Internet transactions across the EU prior to the implementation of the requirement, and many contactless card payments do not use a second authentication factor.
How does it affect your customers?
Your customers may need to provide two forms of identification to their bank when shopping from you.
This applies now to face-to-face payments. For e-commerce, it applies from September 15th 2021 in the UK and from January 1st 2021 in most of the EEA. If your customer cannot be identified using two factors, their payments to you might be considered non-compliant and be declined.
Your business bank, or the company that provides the checkout service for your website, will be able to “switch on” the technology needed to perform the checks required by the regulation.
Please contact them to ensure you are ready to meet the new requirements for online payments from September 15th 2021.
What are the benefits?
For customers and merchants, SCA is a lock with a secure key that protects the money from end to end. A lock with a secure and easy-to-use key establishes trust with consumers, making payments safer for both customers and merchants.
For society, SCA combats money laundering, human trafficking and terrorism by making access to money more difficult for illegal uses. In other words, SCA is an equaliser: combined with digital identity verification, it can give everyone with a mobile phone access to money and accounts, with adapted access levels for refugees and other hard-to-serve consumer groups. Governments and banks can efficiently handle benefit disbursements and basic bank accounts to manage the funds.
How can it be enforced for customers?
This identity verification can vary from bank to bank, but it will mostly be based on these 3 ways of validation:
- Something you know, such as a password or PIN.
- Something you have, such as a mobile phone, card reader or any other device, evidenced by a single-use passcode.
- Something you are, such as a fingerprint read by a scanner or any other way to identify yourself with a device.
The implementation schedule (EU Enforcement) for 2021 can be checked here: