Skip to content

Merchant Guide to PSD2 and Strong Customer Authentication

To help merchants proactively address SCA, ACI has produced our Merchant Guide to PSD2 and Strong Customer Authentication. In addition to downloading this guide, ACI recommends that merchants:

  • Continue to fraud screen transactions and work closely with acquirers to secure the exemptions best suited to their business
  • Maintain the flexibility to switch acquirers and negotiate acquiring services
  • Encourage regular customers to ask their issuers to ‘white list’ them as a trusted merchant provider

If you’re a PSP, here’s how to help your merchant customers.

PSD2 guide

What is SCA?

Strong Customer Authentication is a requirement under the second Payment Services Directive (PSD2) and due to come into force on September 14, 2019. (A newly published opinion from the European Banking Authority indicates that limited additional time may be granted for migration to SCA compliant authentication).

SCA is designed to reduce fraud and enhance consumer protection, by requiring issuers and merchants in the European Economic Area (EEA) to validate the consumer for electronic payments.

The SCA check requires authentication using two of the following:

PSD2 implications

What does this mean for issuers, acquirers and merchants?

  • Issuers will need to perform an SCA check for every electronic payment over €30 that does not qualify for an exemption.
  • There are circumstances in which issuers and acquirers will be able to exempt a transaction from SCA*, reducing friction for cardholders. To do so, they must keep their fraud levels low – and will require their merchant customers to do the same.
  • Merchants cannot exempt a transaction from SCA themselves. They must be able to support SCA checks from September – and must be able to hold down fraud rates to benefit from available exemptions.

Merchants are advised to implement the latest version of 3D Secure by the September deadline, to secure exemptions from SCA


Useful links