Utilized with debit and credit cards, SCA is a security requirement for payment service providers operating in the European Economic Area. Essentially, it requires payment gateways to integrate multi-factor authentication for increased security, and it applies to both face-to-face and remote circumstances and card-present and card-not-present transactions.
Strong Customer Authentication is a component of the EU’s Revised Directive on Payment Services (PSD2) and went into full force on September 14, 2019, with certain countries, such as France, Italy, and Ireland, receiving extensions. Since SCA is included in the EU’s Payment Services Directive 2 (PSD2), it applies to all payments made and received inside the EEA. This consists of all enterprises, banks, and payment gateways in the EU, Iceland, Norway, and Liechtenstein. Since PSD2 was introduced in 2019, is also been part of UK law and applies to UK-based enterprises.
Not quite 3-D Secure is a security layer protocol, and SCA is one of its primary characteristics and a crucial need for PSD2 compliance. Each of them works in its manner to make card payments more secure. SCA is closely related to the notion of KYC, which stands for Know Your Consumer since it demands the customer to provide more information. SCA impacts KYC procedures since it is a legal obligation in some regions. Integrating SCA with eKYC may improve the user experience and decrease friction.
Strong Customer Authentication works directly to reduce credit card fraud, including situations in which thieves use or test card data obtained via illicit techniques such as card cloning. In addition, by verifying the customer’s identity as the cardholder, SCA eliminates some instances of chargeback fraud. Thus, criminals have much fewer possibilities to perpetrate card-related crimes, while banks, merchants, payment processors, and customers are better protected.
SCA adds friction to the transaction, requiring consumers to complete an extra step. Merchants, particularly in eCommerce, are mindful of fiction because potential customers who are required to do “too much” in order to complete a purchase are prone to leave their shopping carts and are likely to select a rival in the future. Following all regulatory obligations, including SCA, and adopting effective fraud protection strategies must be matched with user-friendliness and a pleasant, frictionless customer experience for businesses, particularly online.
Below is an infographic from LoginID entitled “How Delegated Authentication and Payment Authentication work with PSD2.”