Is your website or application ready for Strong Customer Authentication?

It is on Sept 14, 2019 — SCA comes into force as part of the Revised Directive on Payment Services. PSD2 is aimed at fighting fraud and making online transactions more secure.

What is (SCA) Strong customer authentication?

SCA is a new European Union requirement created to make online payments more secure. When a European shopper makes a payment, extra levels of authentication will be required at the time of the transaction.

In the past, customers could simply enter their card number and a CVC verification code, but with PSD2 regulations, more information will be required at the time of payment.

If you accept credit cards or bank transfers online, you may need to prepare for this change to provide a seamless checkout process for your customers. To make things a little simpler here is a summary of everything you need to know.

Security is top-of-mind

The core principles of the PSD2 RTS — i.e. Strong Customer Authentication (SCA), Secured Communication, Risk Management and Transaction Risk Analysis (TRA) — have been maintained, confirming the directive’s security objectives.

To protect the consumer, PSD2 requires banks to implement multi-factor authentication for all proximity and remote transactions performed on any channel.

This means using two of these three features:

  1. Knowledge: Something only the user knows, e.g. password, code, personal identification number
  2. Possession: Something only the user possesses, e.g. token, smart card, mobile handset
  3. Inherence: Something the user is, e.g. biometric characteristic, such as a fingerprint.

In addition, the elements selected must be mutually independent, which means that the breach of one should not compromise any of the others.

Smooth user experience

In order to ensure smooth user experience, PSD2 requests banks to put in place security measures that are “compatible with the level of risk involved in the payment service” to find the right balance between security and user convenience.

To simplify life for consumers, the RTS list a number of situations for which Payment Service Providers (PSPs) are not required to perform strong customer authentication. Most of these exemptions concern low-value payments, repetitive transactions and transactions to trusted beneficiaries.

How do I be SCA Compliant

As an e-commerce website owner, you should be compliant but the good news is your payment gateway has mostly to with you being SCA compliant. Most payment gateway providers to be able to do business with EU it will be required to implement an extra authentication step for accepting credit card payments.

And if your choice of payment gateway provider chooses not to comply with SCA requirements on time (Sept 14th, 2019), some credit card payments in your e-commerce store can be declined, resulting in lower conversion rates and lost sales. So while the responsibility is on the payment gateway, you are the one losing out.

But SCA doesn’t affect all merchant on the planet. What you need to be prepared depends on where you sell and how you get paid.

I’m in the Americas and not from the EU

Well if you are in the Americas, Asia or any place out of the EU, Technically SCA won’t affect you. But if sell to Europe or you customers are using an EU based credit card SCA will still apply.

You are the discretion of the cardholder’s bank to be compliant or not. Let’s just say: Some European card-issuing banks will require you to be SCA while others may not.

If you’re from the US or another non-EU country but have customers from Europe, it’s a good idea to offer an SCA-compliant payment method anyway to avoid credit card payments being declined. In this

I’m from the EU

SCA applies to you if both your customers and your banks are located in Europe, but your action beyond that depends on how you get paid for your orders.;0

I accept credit cards. It matters to you. SCA applies specifically to credit cards and bank transfers. So it’s important that you make sure your payment gateway is SCA-compliant:

  • If you accept credit cards online with Stripe or Square, we’ve automatically taken care of SCA compliance updates for you — , It’s advisable to do a compliance check to make sure your website or e-store is ready.
  • If you use other online payment options to accept credit cards or bank transfers (for example, Authorize.Net2Checkout), contact your payment gateway support team to confirm their compliance with SCA. If your payment gateway redirects customers to their website to complete transactions (such as Authorize.Net), adjustments will need to be made on the gateway-side according to the new SCA standard. If your payment gateway doesn’t have plans to comply with new SCA requirements, consider adding other payment options to your store. Selling with hosted E-commerce solution or a solution combining any of the above solutions by a bespoke custom solutions provider like Ethos Binary that can offer compliance.

I don’t accept credit cards. — If you deal with just plain old cash. You don’t have to care a damn about all these SCA compliance.

I’m from the UK

To the folks in the UK, BREXIT or NO BREXIT SCA applies to you. SCA will still apply to UK citizens.

But there’s good news: the UK has extended the compliance deadline, so you have over a year to meet the new requirements.

You don’t have to comply. But you do.

Even though there is no legal requirement to comply with SCA, it’s strategic to do so for two reasons:

  • Everyone hates a declined transaction -To be sure you’re not losing customers over declined transaction after September 14, 2019.
  • Everyone loves extra security — To offer additional security for your customers during checkout with SCA- compliant payment gateways.

It’s wise to do an audit of your current payment solution on your e-commerce store to check compliance and keep your global customers happy. If you need a consult or any help on this, feel free to reach out to

#SCA #payments #compliance #paymentsolutions #paymentgateway #EU #Authentication #security #ecommerce #PSD2 #magento #woocommerce #bigcommerce #shopify

Leave a Comment

Your email address will not be published. Required fields are marked *