
Strong Customer Authentication (SCA) is a regulatory requirement aimed at reducing fraud and enhancing the security of electronic payments. It mandates the use of multiple factors to verify a customer’s identity before approving a transaction.

Key Points:

  1. Purpose: SCA is designed to make electronic payments more secure and to protect consumers from fraud. It is a key component of the European Union’s Revised Payment Services Directive (PSD2).
  2. Authentication Factors: SCA requires the use of at least two out of three independent authentication factors:
    • Something the customer knows: Examples include passwords or PINs.
    • Something the customer has: Examples include a mobile phone, smart card, or hardware token.
    • Something the customer is: Examples include biometric data such as fingerprints, facial recognition, or iris scans.
  3. Applicability: SCA applies to electronic transactions, including online payments, contactless payments, and any remote transactions that involve a significant risk of fraud.
  4. Exemptions: Certain transactions may be exempt from SCA under specific conditions:
    • Low-Value Transactions: Payments below a certain threshold (e.g., €30 in the EU) may be exempt.
    • Recurring Transactions: Subsequent payments in a series of recurring transactions may be exempt after the initial setup.
    • Trusted Beneficiaries: Payments to trusted recipients pre-approved by the customer may be exempt.
    • Low-Risk Transactions: Transactions assessed as low risk by the payment service provider’s fraud detection mechanisms may be exempt.
  5. Impact on Payment Processors: Payment service providers and merchants must implement SCA-compliant systems to authenticate transactions. This often involves upgrading existing payment infrastructure and integrating advanced authentication technologies.
  6. Implementation: SCA typically involves multi-factor authentication (MFA) methods such as one-time passwords (OTPs) sent to the customer’s mobile device, biometric verification, and secure token-based authentication.
  7. Regulatory Framework: SCA is a key requirement under the European Union’s PSD2, which came into effect on January 13, 2018. It aims to increase competition, innovation, and security in the payments industry across the EU.
  8. Challenges: Implementing SCA can pose challenges such as balancing security with user convenience, ensuring compliance across different jurisdictions, and updating legacy systems to support new authentication methods.