Strong Customer Authentication (SCA) is a regulatory requirement aimed at reducing fraud and enhancing the security of electronic payments. It mandates the use of multiple factors to verify a customer’s identity before approving a transaction.

Key Points:

  1. Purpose: SCA is designed to make electronic payments more secure and to protect consumers from fraud. It is a key component of the European Union’s Revised Payment Services Directive (PSD2).
  2. Authentication Factors: SCA requires the use of at least two out of three independent authentication factors:
    • Something the customer knows: Examples include passwords or PINs.
    • Something the customer has: Examples include a mobile phone, smart card, or hardware token.
    • Something the customer is: Examples include biometric data such as fingerprints, facial recognition, or iris scans.
  3. Applicability: SCA applies to electronic transactions, including online payments, contactless payments, and any remote transactions that involve a significant risk of fraud.
  4. Exemptions: Certain transactions may be exempt from SCA under specific conditions:
    • Low-Value Transactions: Payments below a certain threshold (e.g., €30 in the EU) may be exempt.
    • Recurring Transactions: Subsequent payments in a series of recurring transactions may be exempt after the initial setup.
    • Trusted Beneficiaries: Payments to trusted recipients pre-approved by the customer may be exempt.
    • Low-Risk Transactions: Transactions assessed as low risk by the payment service provider’s fraud detection mechanisms may be exempt.
  5. Impact on Payment Processors: Payment service providers and merchants must implement SCA-compliant systems to authenticate transactions. This often involves upgrading existing payment infrastructure and integrating advanced authentication technologies.
  6. Implementation: SCA typically involves multi-factor authentication (MFA) methods such as one-time passwords (OTPs) sent to the customer’s mobile device, biometric verification, and secure token-based authentication.
  7. Regulatory Framework: SCA is a key requirement under the European Union’s PSD2, which came into effect on January 13, 2018. It aims to increase competition, innovation, and security in the payments industry across the EU.
  8. Challenges: Implementing SCA can pose challenges such as balancing security with user convenience, ensuring compliance across different jurisdictions, and updating legacy systems to support new authentication methods.