Skip to content

Strong customer authentication (SCA) is a requirement under the second Payment Services Directive (PSD2) and due to come into force for eCommerce card payments on December 31, 2020. ACI has developed industry-specific guides to PSD2 and SCA to help banks, merchants, issuers and acquirers:

  • Understand the full scope of SCA and its associated regulations
  • Leverage the opportunities associated with SCA
  • Provide a seamless transition for your organization and its customers

Download SCA resources dedicated to your industry

What is Strong Customer Authentication?

SCA is designed to reduce fraud and enhance consumer protection by requiring issuers and merchants in the European Economic Area (EEA) to validate the consumer for electronic payments.

The SCA check requires authentication using two of the following:

  • Something the cardholder knows – e.g., a password or PIN
  • Something the cardholder has – e.g., a token or mobile phone
  • Something the cardholder is – e.g., a fingerprint or voice match

What does this mean for issuers, acquirers and merchants?

  • Issuers will need to perform an SCA check for every electronic payment over €30 that does not qualify for an exemption.
  • There are circumstances in which issuers and acquirers will be able to exempt a transaction from SCA*, reducing friction for cardholders. To do so, they must keep their fraud levels low – and will require their merchant customers to do the same.
  • Merchants cannot exempt a transaction from SCA themselves. They must be able to support SCA checks from the date of implementation – and must be able to hold down fraud rates to benefit from available exemptions.

Useful links