SCA (Strong Customer Authentication)

Strong Customer Authentication (SCA) is a security requirement introduced by the European Union as part of the Revised Directive on Payment Services (PSD2). This requirement mandates that electronic transactions undergo a two-factor authentication process to enhance the security of online payments and reduce the risk of fraud. SCA is applicable to payment service providers within the European Economic Area (EEA).

The core of SCA is that it requires at least two of the following three independent elements for authentication:

For card-present transactions, such as those made in physical stores, chip-and-PIN technology typically satisfies the SCA requirements by combining something the user possesses (the card) with something the user knows (the PIN). However, for online transactions, e-commerce merchants must implement additional security measures to comply with SCA requirements. This often involves the use of one-time passcodes sent via SMS, biometric verification, or push notifications through authenticated mobile apps.

The implementation of SCA aims to make online payments more secure by ensuring that electronic payments are authenticated, thus reducing the likelihood of unauthorized transactions and increasing consumer trust in digital payments. The mandate for SCA reflects a broader trend towards enhancing the security infrastructure of financial transactions in the face of rising cyber threats and evolving fraud tactics.