What you need to know about Strong Customer Authentication (SCA)
Technological innovation coupled with a surge in online shopping is changing the payments sector, exposing banks to fresh competition and consumers to greater security threats. In 2017 alone, unauthorised financial fraud amounted to a huge £732 million.
This has prompted the European Union to implement its Revised Payments Services Directive (PSD2) from January 2018 to make transactions safer, increase consumers’ protection and foster innovation and competition. Strong Customer Authentication (SCA) is one element of PSD2 which is due to take effect on 14 September 2019, however the FCA has extended the deadline by 18 months for UK issuers and merchants. Here’s an overview of what you need to know.
What is Strong Customer Authentication (SCA)?
SCA is one of the mandates under PSD2 that’s focused on protecting customer data. The rules require online transactions to be validated using 2-factor authentication and this must include two of the three following elements.
• Knowledge, or something only the customer knows, such as a password or PIN.
• Possession, or something only the customer has, such as a bank card.
• Inherence, or something the customer is, such as a fingerprint.
Why is SCA coming into force?
Largely to reduce the risk of fraud for electronic transactions and to enhance the protection of customer data.
Does SCA impact direct debits?
No. Most card payments and all bank transfers will require SCA but Direct Debits, contactless payments and in-person card payments won’t be impacted by the new regulation.
What about SCA for e-commerce?
Online shops will need to build additional authentication into the checkout to comply with SCA requirements. The only exceptions are low value or subscription payments. Dynamic authentication tools, such as the new version of 3D Secure (3D Secure 2.0) will be the main method for this, so now is the time to start exploring the options.
Finally, the SCA rules will apply to transactions where both the business and the cardholder’s bank are located in the European Economic Area and crucially – they’re expected to be enforced regardless of the outcome of Brexit!