Strong Customer Authentication (SCA) is a new legal requirement from the European Union. It comes into force in September as part of the Revised Directive on Payment Services. PSD2 is aimed at fighting fraud and making online transactions more secure. If you’re not from, or doing business in the EU, SCA won’t affect you.
Strong Customer Authentication
Each time you pay for something online, you confirm your identity in a process known as “authentication.” Authentication protects your money online.There are three ways (or authentication factors) to prove your identity:
Knowledge: a secret that only you know (a PIN, a password…);
Ownership: a physical object in your possession (ID, credit card, mobile phone);
Inherence: a physical feature unique to you (your fingerprint, signature, Face ID, or voice.)
Strong Customer Authentication (SCA) requires anyone processing online payments to require an extra step to verify a customer’s identity when they pay with credit cards or bank transfers online.
So instead of a single form of authentication, shoppers will be asked to provide two authentication factors from the list above. The exact method (for example, entering a one-time code) will be chosen by the cardholder’s bank.
What is PSD2?
The revised Payment Services Directive 2 (PSD2) aims to better align payment regulation with the current state of the market and technology. It introduces security requirements for the initiation and processing of electronic payments, as well as for the protection of consumers’ financial data. It also recognizes and regulates Third-Party Providers (TPPs) that are allowed to access or aggregate accounts and initiate payment services.In short, PSD2 aims at facilitating consumer access to their banking data and driving innovation by encouraging banks to exchange securely customer data with third parties.