Strong Customer Authentication (SCA) Compliance
Secure electronic payments and reduce your Payment Services Directive (PSD2) compliance burden with ACI Worldwide’s strong customer authentication solutions
Securing Digital Payments Around the Globe
As cross-border digital transactions become more common, customers are demanding increased security protocols to protect themselves from fraud. Some regions, like the European Union, have created regulations like PSD2 requiring payment services and providers to give their customers this extra layer of security that includes strong customer authentication.
How ACI Worldwide Supports SCA Compliance
All of ACI’s fraud solutions use the latest version of EMV 3D Secure, a security protocol based on a three-domain model, to reduce the risk of fraud and identity theft and ensure SCA compliance. ACI also works with merchants to develop strong SCA exemptions strategies that improve the customer experience and reduce lost revenue.
What Are PSD2’s SCA Requirements?
All payment service providers must verify customers’ identities based on at least two of the following components:
- Something the customer knows, such as a password, passphrase or personal identification number
- Something the customer has, such as a mobile phone, wearable device, hardware token or smart card
- Something the customer is (based on biometric data), such as a fingerprint, facial recognition scan, voice pattern or DNA signature
Failure to comply with PSD2’s SCA requirements could result in issuing banks refusing merchant transactions, which, in turn, leads to lower authorization rates.
To achieve compliance, payment service providers must implement transaction monitoring to detect unauthorized or fraudulent activity by documenting:
- Compromised or stolen authentication elements
- Transaction amounts
- Any known fraud scenarios in the provision of payment services
- Signs of malware infection during an authentication session
- The use of the access device or software provided to the payment service or provider
Strong Customer Authentication Exemptions
Although SCA is generally applied to all customer-initiated online transactions, PSD2 does allow for certain exemptions to eliminate friction in the payments process:
- Low-value payments (payments below $30 USD)
- Subscriptions and other recurring payments
- Trusted beneficiaries, including identified trusted merchants and secured corporate payments
- Transactions that real-time risk analysis solutions have identified as low-risk