Risk & Compliance
SCA (Strong Customer Authentication)
Definition
SCA (Strong Customer Authentication) a European regulatory requirement under PSD2 mandating two-factor authentication for electronic payments. Authentication must use two of: knowledge (PIN/password), possession (phone/card), or inherence (biometrics). Applies to EEA and UK transactions. Various exemptions exist: low-value transactions, trusted beneficiaries, transaction risk analysis, and recurring payments. 3DS2 is the primary implementation method.
Related Terms
PSD2 (Payment Services Directive 2)
European regulation governing payment services, effective since 2019. Key provisions include Strong Customer Authentication (SCA) requirements, open banking mandates, and enhanced consumer protections. Applies to EEA countries and influenced UK regulations. PSD2 changed the payment landscape by requiring 3DS for most online transactions and enabling third-party access to bank accounts.
3D Secure (3DS)
An authentication protocol that adds a verification step during online card payments. The cardholder authenticates via their bank (password, SMS code, biometrics). 3DS2 is the current version, offering frictionless authentication for low-risk transactions. Mandatory in Europe under SCA/PSD2 requirements. Shifts fraud liability from merchant to issuer for authenticated transactions. Can impact conversion rates but reduces fraud.
Need help navigating payment terminology?
We speak fluent payments. Let us translate for your business.
Talk to Us