SCA

SCA is the acronym for Strong Customer Authentication.

A regulatory requirement designed to reduce payment fraud and increase the security of electronic transactions. It mandates that customers confirm their identity using at least two independent factors from three defined categories: something they know (e.g., a password or PIN), something they have (e.g., a phone or security token), or something they are (e.g., a fingerprint or facial recognition).

SCA was introduced under the European Union’s Second Payment Services Directive (PSD2) and applies to online payments made within the European Economic Area (EEA) and the United Kingdom. Its core purpose is to make unauthorized use of payment credentials significantly harder while maintaining a balance between security and user convenience.

When a customer initiates an online transaction, the payment gateway or issuer determines whether SCA is required. For example, low-risk payments may qualify for exemptions—such as recurring subscriptions with fixed amounts or low-value transactions—based on a real-time risk assessment. However, if the transaction exceeds certain thresholds or appears unusual, the customer must complete multi-factor authentication before the payment is approved.
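The decision flow described above, as an added example that is not part of the original page: it first checks whether an exemption applies, then checks that the presented authentication methods span at least two of the three factor categories. The method names, the `Payment` fields, the evaluation order and the `LOW_VALUE_LIMIT` value are assumptions made for illustration.

```python
from typing import Iterable, NamedTuple

# Assumed mapping of authentication methods to the three SCA categories.
METHOD_CATEGORY = {
    "password": "knowledge", "pin": "knowledge",
    "phone": "possession", "security_token": "possession",
    "fingerprint": "inherence", "facial_recognition": "inherence",
}

LOW_VALUE_LIMIT = 30.00  # constructed placeholder threshold, not from the page


class Payment(NamedTuple):
    amount: float
    recurring_fixed_amount: bool = False
    trusted_beneficiary: bool = False
    looks_unusual: bool = False  # result of the real-time risk assessment


def sca_required(p: Payment) -> bool:
    """Return True when no exemption applies (assumed evaluation order)."""
    if p.looks_unusual:
        return True  # assumed: a risk signal overrides every exemption
    if p.recurring_fixed_amount or p.trusted_beneficiary:
        return False
    return p.amount > LOW_VALUE_LIMIT


def satisfies_sca(methods: Iterable[str]) -> bool:
    """Two or more distinct categories; unknown methods count for nothing."""
    categories = {METHOD_CATEGORY[m] for m in methods if m in METHOD_CATEGORY}
    return len(categories) >= 2


def decide(p: Payment, methods: Iterable[str]) -> str:
    if not sca_required(p):
        return "approved_exempt"
    return "approved_sca" if satisfies_sca(methods) else "step_up_required"


if __name__ == "__main__":
    # Constructed sample transactions.
    print(decide(Payment(12.50), []))                     # low value
    print(decide(Payment(250.00), ["password", "pin"]))   # one category used twice
    print(decide(Payment(250.00), ["password", "fingerprint"]))
    print(decide(Payment(9.99, looks_unusual=True), ["pin"]))
```

A password plus a PIN fails the check because both are knowledge factors, which is the independence requirement in the definition above.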

In practice, 3-D Secure (3DS) is the most common technology used to fulfill SCA requirements in e-commerce. It allows card issuers to authenticate customers seamlessly through mobile banking apps, one-time passcodes, or biometric confirmation, depending on device capabilities and risk level.

Key Points:

  • Definition: A PSD2-mandated requirement for multi-factor authentication in electronic payments.
  • Authentication Factors: Knowledge (password), possession (device or token), and inherence (biometrics).
  • Scope: Applies to electronic payments within the EEA and UK, especially for online card transactions.
  • Technology: Implemented primarily through 3-D Secure 2 and similar authentication frameworks.
  • Exemptions: Low-value, recurring, and trusted beneficiary payments may bypass SCA after risk analysis.

Strong Customer Authentication represents a significant shift in how online transactions are secured. It not only curtails fraud but also builds consumer trust in digital payments—encouraging continued growth in e-commerce, mobile banking, and contactless technology while aligning merchants with global compliance standards.
