Strong Customer Authentication (SCA) is a security protocol mandated by regulation, such as the European Union’s Revised Payment Services Directive (PSD2), to enhance the authentication and protection of electronic payment transactions.

SCA requires the use of two or more independent factors to verify the identity of the customer initiating a payment. These factors typically include something the customer knows (e.g., a password), something the customer has (e.g., a mobile device), or something the customer is (e.g., biometric data).

The implementation of SCA aims to reduce the risk of unauthorized access and fraudulent transactions, providing an additional layer of security for online payments. Merchants and payment service providers must adhere to SCA requirements when processing electronic transactions, contributing to a more robust and secure payment ecosystem.

While SCA applies to all online payments, specific exemptions are established by legislators. Key exemptions include:

  • Recurring transactions, such as memberships and subscriptions, with initial authentication.
  • Contactless electronic payment transactions at the Point of Sale (POS), where a single transaction must not exceed 50 euros.
  • Remote electronic Low-Value Transactions where an individual transaction should not exceed 30 euros.
  • Customer access to payment account balances online with authentication during the initial access.

These exemptions aim to balance security requirements with user convenience in specific transaction scenarios.


