Modulr glossary

SCA (Strong Customer Authentication)

Strong Customer Authentication (SCA) is a security requirement under PSD2, the EU Revised Directive on Payment Services, that mandates multi-factor authentication for online transactions. It applies to payment service providers within the European Economic Area (EEA) and helps to reduce fraud and enhance payment security.

The requirement ensures that electronic payments are performed with multi-factor authentication, using at least two of the following:

  • Something you have (e.g. a mobile device)
  • Something you know (e.g. a password)
  • Something you are (a biometric, e.g. a fingerprint)

Examples of SCA are 3D Secure for online card payments, secure access to payment accounts and secure initiation of account-to-account payments.

There are several notable exemptions, such as when the payer and payee are the same person, where both accounts are held by the same service provider, or where transactions are initiated by businesses through a secured dedicated payment protocol.

Applications

  • E-commerce: Reduces fraud in online card payments by verifying the cardholder's identity.
  • Banking and fintech: Helps issuers and payment providers comply with Strong Customer Authentication (SCA) requirements.

Advantages

  • Enhanced security: Reduces unauthorised transactions by verifying that the genuine account holder is authorising the payment.
  • Fraud prevention: Helps reduce chargebacks related to fraud.

Challenges

  • User experience: Additional authentication steps can cause friction and increase checkout abandonment.
  • Implementation complexity: Requires integration with card schemes and issuer systems.
