Strong Customer Authentication (SCA) Compliance

Secure electronic payments and reduce your Payment Services Directive (PSD2) compliance burden with ACI Worldwide’s strong customer authentication solutions

Securing Digital Payments Around the Globe

As cross-border digital transactions become more common, customers are demanding stronger security protocols to protect themselves from fraud. Some regions, such as the European Union, have created regulations such as PSD2 that require payment services and providers to give their customers this extra layer of security, which includes strong customer authentication.

How ACI Worldwide Supports SCA Compliance

All of ACI’s fraud solutions use the latest version of EMV 3D Secure, a security protocol based on a three-domain model, to reduce the risk of fraud and identity theft and ensure SCA compliance. ACI also works with merchants to develop strong SCA exemptions strategies that improve the customer experience and reduce lost revenue.

What Is Strong Customer Authentication?

Strong customer authentication (SCA) is a PSD2 regulatory requirement that uses multifactor authentication to build an extra layer of security into your electronic payments platform.

What Are PSD2’s SCA Requirements?

All payment service providers must verify customers’ identities based on at least two of the following components:

  1. Something the customer knows, such as a password, passphrase or personal identification number
  2. Something the customer has, such as a mobile phone, wearable device, hardware token or smart card
  3. Something the customer is (based on biometric data), such as a fingerprint, facial recognition scan, voice pattern or DNA signature

Failure to comply with PSD2’s SCA requirements could result in issuing banks refusing merchant transactions, which, in turn, leads to lower authorization rates.

To achieve compliance, payment service providers must implement transaction monitoring to detect unauthorized or fraudulent transactions by documenting:

  • Compromised or stolen authentication elements
  • Transaction amounts
  • Any known fraud scenarios in the provision of payment services
  • Signs of malware infection during an authentication session
  • The use of the access device or software provided to the payment service or provider

Strong Customer Authentication Exemptions

Although SCA is generally applied to all customer-initiated online transactions, PSD2 does allow for certain exemptions to eliminate friction in the payments process:

  • Low-value payments (payments below $30 USD)
  • Subscriptions and other recurring payments
  • Trusted beneficiaries, including identified trusted merchants and secured corporate payments
  • Transactions that real-time risk analysis solutions have identified as low-risk
