The global digital payments market is expected to grow by more than 20% by the end of the decade, and alongside benefits like speed and convenience comes a risk of fraud. Compliance and security are critical, and top of mind for organizations doing business globally or in markets with a high incidence of fraud.
If you have ever wondered what Strong Customer Authentication (SCA) is – whether because of a governmental compliance mandate you became aware of, a requirement from your payment processor, or a desire to take a proactive approach to fraud prevention – here’s what you need to know.
What is Strong Customer Authentication?
The European Payment Services Directive (PSD2) is a regulatory framework within the European Union that aims to better secure card transactions and protect cardholders from fraud.
A key feature of PSD2 is Strong Customer Authentication (SCA), a two-factor authentication requirement designed to improve the overall security of online payments. During a customer-initiated transaction (CIT), the cardholder must provide at least two out of three independent authentication factors when initiating electronic payments.
Multi-factor authentication can include:
Something They Know – like a password or phrase, PIN, sequence, or secret fact such as a security question.
Something They Have – think cell phones, smartwatches or other wearable devices, smart cards, tokens, or badges.
Something They Are – such as fingerprints, facial recognition, voice patterns, iris format, and DNA signatures.
Those last few items are pretty intense, and are more often used in high-security settings like government agencies than for taking credit card payments.
Who Should Be Thinking About Strong Customer Authentication?
The short answer to this question is, probably more organizations than you might think.
SCA and Europe
Strong Customer Authentication is an EU regulation that falls under the broader Payment Services Directive (PSD2). In general, SCA applies to organizations based in the European Union, or transacting with EU customers or businesses.
SCA and Australia
In Australia, SCA isn’t universally required for customer-initiated transactions. Instead, merchants with fraud rates above a specific threshold on a per-quarter basis are required to apply Strong Customer Authentication to most transactions.
SCA and the United States
SCA is not yet a requirement in the United States, but many organizations are taking a proactive approach.
If your organization is at high risk of fraud, implementing a Strong Customer Authentication program may be a smart business decision, or it might be required by your payment processor. If you are facing a significant number of chargebacks, that is one sign that it may be time to consider your options around SCA.
Can Chargent Help Solve SCA Challenges?
Strong Customer Authentication applies only to customer-initiated transactions (CITs). For Chargent customers designing an SCA process, the Payment Request and Take Payment features are impacted – essentially, anywhere in the app where customers enter their payment data and submit payments.
The key to a successful SCA implementation is a carefully designed and thoroughly tested process that balances customer security with customer experience. If you are looking for additional guidance around security and compliance, we are always here to help. Get in touch with our sales team today.