SCA Compliance

Strong Customer Authentication (SCA) Compliance

Secure electronic payments and reduce your Payment Services Directive (PSD2) compliance burden with ACI Worldwide’s strong customer authentication solutions

Request a Consultation

Securing Digital Payments Around the Globe

As cross-border digital transactions become more common, customers are demanding increased security protocols to protect themselves from fraud. Some regions, like the European Union, have created regulations like PSD2 requiring payment services and providers to give their customers this extra layer of security that includes strong customer authentication.

How ACI Worldwide Supports SCA Compliance

All of ACI’s fraud solutions use the latest version of EMV 3D Secure, a security protocol based on a three-domain model, to reduce the risk of fraud and identity theft and ensure SCA compliance. ACI also works with merchants to develop strong SCA exemptions strategies that improve the customer experience and reduce lost revenue.

Understand and Navigate SCA Requirements

Merchants

What Is Strong Customer Authentication?

Strong customer authentication (SCA) is a PSD2 regulatory requirement that uses multifactor authentication to build an extra layer of security into your electronic payments platform.

What Are PSD2’s SCA Requirements?

All payment service providers must verify customers’ identities based on at least two of the following components:

Something the customer knows, such as a password, passphrase or personal identification number

Something the customer has, such as a mobile phone, wearable device, hardware token or smart card

Something the customer is (based on biometric data), such as a fingerprint, facial recognition scan, voice pattern or DNA signature

Failure to comply with PSD2’s SCA requirements could result in issuing banks refusing merchant transactions, which, in turn, leads to lower authorization rates.

To achieve compliance, payment service providers must implement transaction monitoring to detect any unauthorized or fraudulent scams by documenting:

Compromised or stolen authentication elements
Transaction amounts
Any known fraud scenarios in the provision of payment services

Signs of malware infection during an authentication session
The use of the access device or software provided to the payment service or provider

Strong Customer Authentication Exemptions

Although SCA is generally applied to all customer-initiated online transactions, PSD2 does allow for certain exemptions to eliminate friction in the payments process:

Low-value payments (payments below $30 USD)
Subscriptions and other recurring payments
Trusted beneficiaries, including identified trusted merchants and secured corporate payments
Transactions that real-time risk analysis solutions have identified as low-risk

Swedbank Goes Beyond SCA To Protect Customers by Achieving Compliance in Just Seven Months

Media

Additional Insights

Thriving Post PSD2: Conquering SCA Compliance

Get the Guide

Going Beyond SCA and Preparing for PSD3

Listen to the Podcast

How an SCA Exemptions Strategy Can Grow Your Business

Watch the Webinar

Stay Secure

ACI’s industry-leading fraud prevention is delivered via a powerful combination of machine learning, predictive and behavioral analytics, positive profiling, customized fraud strategies and expert support.