Introduction to Strong Customer Authentication
Strong Customer Authentication (SCA) is authentication based on two or more elements known as knowledge (something only the user knows), possession (something the user possesses) and inherence (something the user is).
Many people now pay online, so those transactions need to be properly secured. Strong Customer Authentication was introduced for that purpose: to reduce fraud in online transactions and make them more secure.
To achieve SCA, you have to add an additional authentication step to your checkout process. That step requires any two of the following three options for user authentication.
- Something the user knows (password or PIN)
- Something the user has (phone or hardware token)
- Something the user is (face recognition or fingerprint)
Strong Customer Authentication applies to all “customer-initiated” online transactions; it is not required for “merchant-initiated” transactions. An in-person card payment is considered a merchant-initiated transaction.
Currently, many card providers offer 3D Secure authentication, which also adds an authentication step. 3D Secure 2 will be the main method for authentication. It gives a better user experience that minimizes some of the friction authentication adds to your checkout flow. Some payment methods, such as Google Pay and Apple Pay, also use an authentication method like Strong Customer Authentication (biometric or password).
Some transactions can be exempted from Strong Customer Authentication, depending on the risk level of the transaction. Your payment provider can request an exemption. The bank then checks the risk level of the transaction and decides whether to approve the exemption or whether authentication is still necessary. If the exemption request fails, the payment has to be resubmitted to the customer with a request for Strong Customer Authentication.
Strong Customer Authentication will be compulsory in the European Economic Area (EEA) from 14 September 2019.
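The decision flow described above (customer- versus merchant-initiated, exemption request, fallback to a challenge, two of the three factor categories), sketched as an added Python example that is not code from any payment provider. The method names, the `Payment` fields and the boolean standing in for the bank's risk decision are assumptions made for illustration.

```python
from dataclasses import dataclass

# Factor categories as listed above; the method names are constructed examples.
CATEGORY = {
    "password": "knowledge", "pin": "knowledge",
    "phone_otp": "possession", "hardware_token": "possession",
    "fingerprint": "inherence", "face": "inherence",
}

@dataclass
class Payment:
    customer_initiated: bool
    exemption_requested: bool = False      # asked for by the payment provider
    issuer_grants_exemption: bool = False  # the bank's risk decision (modelled)

def sca_satisfied(verified_methods):
    """True only if the verified methods span at least two different categories."""
    unknown = [m for m in verified_methods if m not in CATEGORY]
    if unknown:
        raise ValueError(f"unknown authentication method: {unknown}")
    # A password plus a PIN is two methods but one category, so it does not count.
    return len({CATEGORY[m] for m in verified_methods}) >= 2

def next_step(payment):
    """Decide what the checkout must do before the payment can proceed."""
    if not payment.customer_initiated:
        return "proceed"    # merchant-initiated: SCA not required
    if payment.exemption_requested and payment.issuer_grants_exemption:
        return "proceed"    # the bank accepted the exemption
    return "challenge"      # no exemption, or the bank refused it

def authorize(payment, verified_methods=()):
    """Return 'authorized' or 'sca_required' for one payment attempt."""
    if next_step(payment) == "proceed":
        return "authorized"
    # Challenge path: fail closed unless two distinct categories were verified.
    return "authorized" if sca_satisfied(verified_methods) else "sca_required"
```

A refused exemption lands on the same challenge path as a payment that never asked for one, so the checkout needs only one fallback.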
Some EEA countries may be delaying their enforcement of PSD2 and SCA. There is a helpful "cheat sheet" outlining the latest developments: http://bit.ly/psd2Sep14. However, you should NOT STOP getting ready for PSD2 as some issuers may not honor the "2-leg in" rule. So, even if your acquirer is in a country that has opted to delay their rollout of PSD2, some of your transactions may still be challenged for SCA.
Major payment gateways have started supporting SCA. Upgrade your website to support SCA before the deadline for seamless performance.