What is Strong Customer Authentication (SCA), and the European Payment Services Directive (PSD2) regulations that require it? Learn about SCA and updates Chargent is making to protect cardholders from fraud.

With the high popularity of online payments, customer security has never been more important. New regulations for customer security are being enacted in many countries, and Chargent is making big changes to adhere to these regulations and keep online payments safe and secure.

In a Nutshell

The European Payment Services Directive (PSD2) aims to better secure card transactions and protect cardholders from fraud.

A vital part of PSD2 – and the part most relevant to Chargent users – is Strong Customer Authentication (SCA).

What is Strong Customer Authentication?

SCA is a two-factor authentication requirement wherein, during a consumer initiated transaction (CIT), the cardholder must provide two of the three elements:

  • Something the cardholder knows
  • Something the cardholder owns
  • Something the cardholder is

What does that mean?

Something you know includes passwords, passphrases, PIN, sequences, and secret facts (think: security questions).

Something you own includes: cellphones, smartwatches or other wearable devices, smart cards, tokens, and badges.

Something you are includes: fingerprints, facial recognition, voice patterns, iris format, and DNA signatures. Those last couple of items are pretty intense, but are often used in high security employment like government agencies.

SCA and Europe

PSD2 is a European regulation:

  • It applies to our European customers
  • It applies to many of our customers who transact with European customers / businesses
  • The current deadline for implementation is March 2021

SCA and Australia

Australia’s requirements for SCA are a bit different as SCA isn’t universally required for customer-initiated transactions.

  • It’s required only for issuers and merchants whose fraud rate reaches a certain threshold
  • That threshold is measured on a per-quarter basis

SCA and the US

SCA isn’t a requirement in the U.S. yet, but:

  • It is likely that it eventually will be
  • It better protects our customers and their customers, and we take security very seriously

How does SCA affect Chargent?

SCA applies only to customer initiated transactions (CITs), which means that Chargent’s Payment Request and Take Payment features are affected.

Basically, anywhere within our app where the payee themselves are entering their payment data and submitting payments.

Our Solution

We’re updating both our Payment Request and Take Payment features to implement Strong Customer Authentication. When customers are using these features, they’ll be required to provide confirmation of two of the three authentication requirements (something they know, own, and are). Our updates will be ready before the deadline, and will require very little effort on the part of our customers to implement.

The security of our customers, and our customers’ customers is very important to us. Our SCA updates will further strengthen that security.

Contact us today if you have questions or want to learn more about secure online payments.

We’re always here to help.