Strong customer authentication (SCA) is a requirement under the second Payment Services Directive (PSD2) and due to come into force for eCommerce card payments on December 31, 2020 in the EU and on September 14, 2021 in the U.K. ACI has developed industry-specific resource centers to help banks, merchants, issuers, acquirers and PSPs:
- Understand the full scope of SCA and its associated regulations
- Leverage the opportunities associated with SCA
- Provide a seamless transition for your organization and its customers
Download SCA Resources Dedicated to Your Industry
What Is Strong Customer Authentication?
SCA is designed to reduce fraud and enhance consumer protection by requiring issuers and merchants in the European Economic Area (EEA) to validate the consumer for electronic payments.
The SCA check requires authentication using two of the following:
- Something the cardholder knows – e.g., a password or PIN
- Something the cardholder has – e.g., a token or mobile phone
- Something the cardholder is – e.g., a fingerprint or voice match
What Does This Mean for Issuers, Acquirers and Merchants?
- Issuers will need to perform an SCA check for every electronic payment over €30 that does not qualify for an exemption.
- There are circumstances in which issuers and acquirers will be able to exempt a transaction from SCA, reducing friction for cardholders. To do so, they must keep their fraud levels low — and will require their merchant customers to do the same.
- Merchants cannot exempt a transaction from SCA themselves. They must be able to support SCA checks from the date of implementation – and must be able to hold down fraud rates to benefit from available exemptions.