BACK

Strong Customer Authentication (SCA)

Strong Customer Authentication: What You Need to Know About SCA in 2021 Strong customer authentication, or SCA, is not simply a description of verification standards. Under the Revised Payment Services Directive (PSD2), SCA is now a law in the European market. SCA protocols actually went into effe ......

Strong Customer Authentication: What You Need to Know About SCA in 2021
Strong customer authentication, or SCA, is not simply a description of verification standards. Under the Revised Payment Services Directive (PSD2), SCA is now a law in the European market.
SCA protocols actually went into effect in 2019, but not all merchants are using them yet. The UK's Financial Conduct Authority (FCA) extended the deadline for compliance. eCommerce merchants now have until March of 2022 to become fully compliant with the new regulations.
In extending the deadline, the FCA is acknowledging the magnitude of the SCA mandates. These rules have the potential to completely reshape how eCommerce is conducted. So, let’s examine what the new standards mean, and how you, as a merchant, should respond.
What Is Strong Customer Authentication?
Back in October 2015, the European Parliament adopted a new set of regulations for the payments industry. PSD2 was designed to govern how third-party services like Google or Facebook can operate in the European market. Another part of this directive, however, set standards for how businesses should authenticate buyers.
In simple terms, the rule requires an extra layer of authentication during checkout for all transactions conducted in the European Union or the United Kingdom. Limiting verification to card number, address, and CVV is no longer enough. You must now verify the buyer’s identity according to at least two of the following three factors:
* Possession: Something the user possesses, like a physical payment card.
* Knowledge: Something the user knows, like a 3-D Secure code attached to an account.
* Inherence: Something the user inherently is, like a fingerprint or other biometric impression.
At least two of these three items must be verified to the issuing bank’s satisfaction. Otherwise, there’s a good chance the transaction will be declined.
What Does SCA Mean for Merchants?
Strong Customer Authentication standards are designed to protect European consumers from attempted online fraud. This could potentially prevent billions of euros in annual losses. To date, however, adoption of the regulations could be best described as a mixed bag.
Additional security for card-not-present (CNP) purchases is increasingly important, particularly for eCommerce merchants. The benefits of SCA, however, appear to be at least partially negated by the added friction.
Additional security for card-not-present (CNP) purchases is increasingly important, particularly for eCommerce merchants. The benefits of SCA, however, appear to be at least partially negated by the added friction.