Strong Customer Authentication
Strong Customer Authentication (SCA) is a security protocol mandated by regulatory authorities, such as the European Union's Revised (PSD2), to enhance the authentication and protection of electronic payment transactions.
SCA requires the use of two or more independent factors to verify the identity of the customer initiating a payment. These factors typically include something the customer knows (e.g., a password), something the customer has (e.g., a mobile device), or something the customer is (e.g., biometric data).
The implementation of SCA aims to reduce the risk of unauthorized access and , providing an additional layer of security for online payments. Merchants and payment service providers must adhere to SCA requirements when processing electronic transactions, contributing to a more robust and secure payment ecosystem.
While SCA applies to all online payments, specific exemptions are established by legislators. Key exemptions include:
- such as memberships and subscriptions with initial authentication.
- electronic payment transactions at the (POS), a single transaction must not exceed 50 euros.
- Remote electronic where an individual transaction should not exceed 30 euros.
- Customer access to payment account balances online with authentication during the initial access.
These exemptions aim to balance security requirements with user convenience in specific transaction scenarios.