Strong Customer Authentication (SCA) is a new regulatory requirement in Europe intended to reduce instances of fraud and make online payments more secure for both customers and businesses. To ensure SCA compliance, businesses will need to build stronger authentication workflows into the checkout process. SCA requires that this enhanced authentication use at least two of the following three elements:
– Something the customer knows (password or PIN)
– Something the customer has (phone, hardward token)
– Something the customer is (fingerprint, facial recognition)
For the time being, SCA applies only to “customer-initiated” online payments within Europe. Most credit card payments and all bank transfers will require SCA, whereas recurring direct debits are considered “merchant-initiated” and don’t require strong authentication. Except for contactless payments, in-person card payments are currently not impacted by this new regulation. The most common method of ensuring SCA compliance is through 3D Secure–asking for additional information such as a one-time pin or fingerprint scan through your mobile app–which is common for most European cards.