Strong Customer Authentication: what you need to know

Everyone wants to make sure their finances are secure and their bank accounts untouchable. Strong Customer Authentication is a way to make electronic payments more secure. If you sell online, your SME must introduce Strong Customer Authentication requirements by 14 March 2021. What is SCA and how will it affect your business?

What is Strong Customer Authentication?

Strong Customer Authentication (SCA) is a relatively new European regulatory requirement to prevent fraud and make “customer-initiated” online and offline payments more secure. As a result, most EEA and UK banks and card payments require the implementation of SCA. The rules came into force in Europe in 2019. However, the execution of SCA in the UK was delayed due to Brexit and Covid-19, which gave retailers more time to adapt; the final deadline set by the FCA is the 14th of March 2022.

SCA requires additional checks to confirm the customer's identity when they initiate a payment transaction. To do this, banks and card issuers might ask for a combination of two forms of identification at online checkout. These include:

  • Knowledge: a PIN, password or key code known only to the account holder.
  • Possession: something the customer has, such as a mobile device, used to receive an OTP (one-time passcode) through SMS, email or notification.
  • Inherence: the customer’s biometric identifiers, including fingerprint or facial recognition.

SCA Exemptions

SCA is mandated for all online transactions across the EEA and the UK, but there are many exemptions:

  • Low-risk transactions: payments through an acquirer or issuer whose fraud level is below a threshold.
  • Low-value transactions: under the EU rules, payments under EUR 30 (£25) and cumulative payments higher than EUR 100 on the same card are considered low value.
  • B2B transactions: payments between corporations.
  • Recurring transactions: recurring payments and subscriptions for fixed amounts, after the first payment.

Out of scope:

  • Transactions via phone or payment link.
  • Interregional transactions, which involve payments from non-EEA customers or businesses.

What does it mean for UK consumers?

Since the anti-fraud rules will come into force on the 14th of March in the UK, online shoppers can expect more identity checks to verify that the customer is who they claim to be, and perhaps more card-declined messages over the coming weeks until retailers get ready for the incoming changes.

Low-value retail purchases will continue to go ahead as before; however, buying more expensive items online will involve two forms of authentication. The relatively small number of online shoppers who do not use a mobile phone will need to verify their identity in another way, for example by downloading their bank’s app or logging into online banking.

What does it mean for E-commerce merchants?

SCA regulations are for banks and card issuers. However, if your E-commerce business does not support the right authentication methods from your side, the banks and card issuers will start declining payment transactions from your customers; this will increase cart abandonment and loss of loyalty amongst your customers.

Checklist for the merchants

If your online store has not adapted to SCA yet, here are the steps to prepare for the regulation and prevent losing sales:


OnerWay can help your business to process payments with seamless authentication via 3DS 2.0 to protect an account and transactions. Authentication can be done behind the scenes or through simple customer input. Each transaction is routed according to regulatory types, risk assessment standards and policies specific to your business. Contact our team to learn more.
