Couple using computer at home

What is Strong Customer Authentication (SCA) and What is its Effect on Transactions?



What are Strong Customer Authentication (SCA) Requirements?

PSD2 regulations affect eCommerce businesses that are operating in the European Economic Area (EEA). One of the major requirements when PSD2 went into effect was for merchants to build more stringent Strong Customer Authentication (SCA) protocols into checkout flows for online transactions originating in Europe.

SCA requires authentication to use at least two of the following three elements:

  • Something the customer knows (e.g. password or PIN)
  • Something the customer has (e.g. phone or hardware token)
  • Something the customer is (e.g. fingerprint or face recognition)

SCA guidelines are designed to require more data in order to authenticate identities and protect customers. When implemented well, they won’t automatically lead to greater friction. In fact, compliance can actually create a better experience for customers.

These guidelines only apply to “customer-initiated” payments, whereas “merchant-initiated” payments, such as recurring direct debits, won’t require strong authentication. Additionally, merchants can apply for a variety of SCA exemptions. Transactions under €30 ($33.93 USD) are for the most part exempt, and if a payment service provider (PSP) has an aggregate fraud rate below a certain threshold, merchants using that PSP can apply for an exemption.

The Effect of SCA on Transactions

If European-based transactions are not SCA compliant, merchants likely see a decline on these transactions.  Retailers with high-value transactions (over €30) face more scrutiny for compliance.

Merchants also face issues mobile transactions. Mobile users are more likely to be bounced from the checkout process with the introduction of additional friction. What once might have been a quick impulse buy becomes a chore when a consumer is on their mobile device and asked to log into their bank account to finish the transaction.

Want to learn more? Our Vice President of EMEA, Spencer McLain, was featured on PYMNTS’s blog talking about how strong customer authentication (SCA) mandates are reshaping the relationship between companies and their end customers — and how the eCommerce landscape is likely to change as a result. Read the article here.

Related content