SCA, or Strong Customer Authentication, is a requirement of the revised Payment Services Directive (PSD2). The goal of SCA is to increase the level of security and reduce the number of fraud cases in electronic payments. The main goal of PSD2 is to protect consumers and promote banking innovation. It also helps facilitate safer cross-border European payment services.
SCA first came into the limelight in 2019. With current approval by the EEA, the implementation deadline can be pushed to around December 31st, 2021.
Understanding the authentication requirement:
SCA requires electronic payments to use multi-factor authentication. To pass authentication, a payment must meet two of the three criteria below:
- Something that only the customer knows, like a PIN code
- Something that only the customer has, like their phone
- Something that identifies who the customer is, like a fingerprint
SCA is authentication based on two or more elements categorized as knowledge, inherence, and possession. Banks have the right to decline payments that fail to meet the authentication criteria.
Who SCA will affect the most:
SCA mostly applies to customer-initiated transactions where both the merchant's acquiring bank and the bank that issued the buyer's debit or credit card are located within the European Economic Area (EEA).
The exemptions:
Some exemptions are available. They depend on the transaction amount, the perceived risk, and the frequency of occurrence. Some examples are:
Lower risk transaction:
- The bank's or payment provider's overall fraud cases for card payments do not exceed the defined threshold.
- The transaction total is less than 30 euros. However, there are limits on how many times an exempt transaction can skip authentication.
Fixed amount based subscriptions:
- Recurring transactions are those where the customer pays exactly the same amount to the same business.
- The very first payment is authenticated. Stripe Billing is one option that falls under this exemption.
Phone sales:
- Card details collected over the phone fall outside the scope of SCA and do not need any form of authentication.
- This form of payment is referred to as MOTO, or "Mail Order and Telephone Orders."
- However, the cardholder's bank always has the right to accept or reject these transactions.
The benefits of SCA:
The points above show the value of the PSD2 SCA requirements. It is also worth understanding the benefits of SCA before going further:
- It emphasizes market-wide compliance.
- It increases consumer confidence in online transactions.
- It reduces the level of fraud.
The value behind dynamic linking:
Dynamic linking is a new requirement of PSD2. It involves dynamically linking the authentication token to the specific payment amount and the specific payee of the transaction.
- If the payee or the payment amount changes, the authentication token is no longer valid, and a new one needs to be generated and used.
- Adding dynamic linking to SCA results in an additional authentication layer. This goes beyond the currently required guidelines.
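The binding described above can be shown with a keyed MAC over the amount and payee. This is an added example, not code from the original page or from any PSD2 or scheme specification. The HMAC construction, the demo key, the currency field, the single-use nonce, and all function names are assumptions made for illustration.

```python
import hashlib
import hmac
import secrets

# Constructed demo key (assumption); a real issuer would protect this key.
ISSUER_KEY = secrets.token_bytes(32)


def _canonical(amount_minor: int, currency: str, payee: str, nonce: str) -> bytes:
    """Length-prefix each linked field so values cannot run into each other."""
    fields = [str(amount_minor), currency.upper(), payee, nonce]
    return b"".join(len(f.encode()).to_bytes(2, "big") + f.encode() for f in fields)


def issue_auth_code(amount_minor, currency, payee, key=ISSUER_KEY):
    """Issued after the customer authenticates for this exact amount and payee."""
    nonce = secrets.token_hex(16)  # makes each code unique and single use
    msg = _canonical(amount_minor, currency, payee, nonce)
    return {"nonce": nonce, "code": hmac.new(key, msg, hashlib.sha256).hexdigest()}


def verify_auth_code(token, amount_minor, currency, payee, used_nonces, key=ISSUER_KEY):
    """Accept only if the payment matches what was authenticated, and only once."""
    if token["nonce"] in used_nonces:
        return False  # code was already consumed
    msg = _canonical(amount_minor, currency, payee, token["nonce"])
    expected = hmac.new(key, msg, hashlib.sha256).hexdigest()
    if not hmac.compare_digest(expected, token["code"]):
        return False  # amount or payee differs from the authenticated values
    used_nonces.add(token["nonce"])
    return True


def demo():
    """Constructed sample payment: 49.99 EUR (4999 minor units) to one payee."""
    used = set()
    token = issue_auth_code(4999, "EUR", "Example Shop GmbH")
    return {
        "changed_amount": verify_auth_code(token, 9999, "EUR", "Example Shop GmbH", used),
        "changed_payee": verify_auth_code(token, 4999, "EUR", "Other Payee Ltd", used),
        "original": verify_auth_code(token, 4999, "EUR", "Example Shop GmbH", used),
        "reused": verify_auth_code(token, 4999, "EUR", "Example Shop GmbH", used),
    }


if __name__ == "__main__":
    print(demo())
```

Only the unmodified payment verifies; a changed amount, a changed payee, or a second use of the same code is rejected, so a new code has to be generated.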
3D Secure 2 and PSD2 can ensure safe and secure online transactions:
The current development of PSD2 has a strong overlap with some functions of the new 3D Secure 2 (3DS2) protocol, mainly when it comes to SCA, and that includes TFA and OTPs.
- 3DS2 adapts to SCA through the use of MFA, which includes biometric authentication like facial recognition or fingerprints, OTPs, and QR codes that mobile apps can scan.
- The best news for issuers and merchants is that 3DS2 aligns fully with the well-established principles of PSD2 and offers major benefits to issuers, merchants, and general consumers.
Understanding SCA under PSD2 is a necessity. Once you are sure of the benefits that come with this safety module, you will end up using this feature even more. Nothing is better than managing safety, and SCA under PSD2 is here to do the same.