Secure Customer Authentication

Secure Customer Authentication, What is it?

What is Secure Customer Authentication?

SCA (Secure Customer Authentication) is a set of requirements that payment processors will have to meet by that is being rolled out to help prevent fraudulent payments online. It uses 2 of 3 authentication method when you are paying for products:

  1. Something you know, e.g. a PIN Number
  2. Something you are, e.g. Face ID or Fingerprint
  3. Something you have, e.g. a Credit/Debit Card

Why is SCA needed?

Over the last decade fraudulent payments have been steadily increasing with no signs of this slowing down, this has prompted the European Commission to place these SCA requirements on merchants and payment processors.

How does SCA work?

When paying for goods or services online, you will be asked to perform 2 of the above validation methods, this is similar to how Google Pay or Apple Pay currently work.

  1. Input payment details
  2. The payment processor will decide wether or not additional checks are required for this transaction
  3. Any additional checks will be carried out by the payment processor, such as a fingerprint verification or requiring your pin number.

When will SCA be required?

To reduce friction for payments SCA will only be require for some transactions, here is the list of exemptions for SCA:

  1. Low value exemption
  2. Recurring payment exemption
  3. Whitelisting (or Trusted beneficiary) exemption
  4. Secured corporate payment exemption
  5. Low risk transaction exemption (or Transaction Risk Assessment – TRA)

Deadlines:

SCA Compliance was required by the 14th September however this deadline has been extended by 18 months to allow for a phased rollout of the new regulations. This will not be affected by Brexit.