SCA (Strong Customer Authentication)
Strong Customer Authentication (SCA) is a security requirement under PSD2 that mandates multi-factor authentication for online transactions. This helps to reduce fraud and enhance payment security. There are several notable exemptions, such as when the payer and payee are the same person, where both accounts are held by the same service provider, or where transactions are initiated by businesses through a secured dedicated payment protocol. Strong Customer Authentication (SCA) is a requirement of the EU Revised Directive on Payment Services applicable to payment service providers within the European Economic Area (EEA). The requirement ensures that electronic payments are performed with multi-factor authentication (at least two of: something you have (e.g. a mobile device), something you know (e.g. a password), something you are (a biometric e.g. a fingerprint)), to increase the security of electronic payments. Examples of SCA are 3D Secure for online card payments, secure access to payment accounts and secure initiation of account-to-account payments.
Applications
E-commerce:
Reduces fraud in online card payments by verifying the cardholder's identity
E-commerce:
Reduces fraud in online card payments by verifying the cardholder's identity
Advantages
- Enhanced security: Reduces unauthorised transactions by verifying that the genuine account holder is authorising the payment
- Enhanced security: Reduces unauthorised transactions by verifying that the genuine account holder is authorising the payment
Challenges
- User Experience: Additional authentication steps can cause friction and increase checkout abandonment
- User Experience: Additional authentication steps can cause friction and increase checkout abandonment
