Strong Customer Authentication (SCA)

Strong Customer Authentication (SCA) is a new payment requirement, introduced by the EU Revised Directive on Payment Services (PSD2), to make online payments more secure and to reduce fraud. SCA requires an additional proof of identity from your customers during the payment transaction, known as two-factor authentication (2FA). The authentication must use at least two of the following:

  • Knowledge – something the customer KNOWS (such as a password)
  • Possession – something the customer HAS (such as a pre-registered smartphone)
  • Inherence – something the customer IS (such as a fingerprint)

When Does SCA Apply?

SCA applies to online payments within the European Economic Area (EEA). There are exemptions to SCA when a transaction risk is low. In addition, some transaction types are out of the SCA scope.

3D Secure

3D Secure is an authentication protocol for online credit and debit card transactions that complies with SCA standards. 3D Secure 2.0, the latest revision to 3D Secure, was specifically designed to reduce friction in the transaction process and to improve order conversion. Starting January 1, 2021, cleverbridge will handle 3D Secure 2.0 authentication on hosted checkout pages for the European Economic Area (EEA).

Check out the video below to see the SCA flow for credit card payments.

The following flow charts show the SCA process for credit/debit card payments (3D Secure) in detail: