SCA – What You Need To Know

SCA – Strong Customer Authentication

Strong customer authentication is set to be enforced from the 14th September onwards.

It is being introduced as part of the second Payment Services Directive (PSD2) and will impact various types of online payments.

This article will also look into 3DS2 and how this new version will benefit users.


What Is SCA?

Strong customer authentication (SCA) is a new regulatory requirement that will soon filter through Europe.

Its aim is to reduce fraud and make your online payments more secure.

Extra authentication is now required before a payment can be released, which means you must add an extra authentication step to your checkout flow.

SCA is broken down into three elements that the customer needs to show evidence of.

They need to provide at least two pieces of information about something they:

  • have (hardware token, i.e. phone)
  • know (passwords/pins)
  • are (fingerprint/face recognition)


Without successfully providing two of the three means of authentication, banks will begin blocking payment attempts.

They will start declining these transactions from the 14th September 2019.

It’s therefore best to implement this extra step into your site as soon as possible.

You need to choose two of these three authentication steps.

When will this step be required?

This step will be used when ‘customer-initiated’ online payments are to be made.

Most card payments and ALL bank transfers will require SCA.

The extra authentication requirement will be necessary when the business and the cardholder’s bank are located in the European Economic Area.

Recurring direct debits are considered ‘merchant-initiated’ and so will not require this strong authentication.


What payments are exempt?

Not all online payments will require this additional step.

The exemptions include:

  • Low-risk transactions
  • Payments below £30
  • Fixed-amount subscriptions
  • Merchant-initiated transactions
  • Trusted beneficiaries
  • Phone sales
  • Corporate payments


It is ultimately the cardholder’s bank that will decide whether to allow or disallow a payment.


What is 3D Secure 2.0?

3DS2 is a new authentication protocol for online card payments.

It is designed to improve upon the previous version and address the issues it brought up.

As with PSD2, banks will begin supporting this newer version of 3D Secure.


How will 3DS2 help?

There are a number of shortcomings that 3DS2 aims to address.

The whole idea is that it improves the purchasing experience, making it quicker and safer for all parties involved in a transaction.

Let’s take a look at the improvements:

More sales with less friction

Frictionless Flow has been introduced and it means cardholders can authenticate themselves without being challenged.

This will benefit cardholders and will significantly reduce cart abandonment rates (some are predicting up to 66%!).

An increase in data collection

The more data that is collected, the more accurately the process can determine a transaction’s risk.

More transactions can be immediately approved and fraud rates will decrease too.

3DS2 is built for mobile

As mobile accounts for roughly half of all internet activity, 3DS2 has been built to accommodate this.

Challenge screens can be presented from the merchant’s app and the user’s experience will be as though it’s a part of the app.


Make sure your business is ready for the implementation of these new regulations.

Remember the 14th September 2019 is when the changes will begin to matter.
