What is SCA and will it affect your business?
Strong Customer Authentication (SCA) be rolled out from September 14th, 2019 and will ensure that consumers are better protected when they make electronic payments or transactions online. This includes using online banking or buying products or services online.
This is a European-wide directive that forms part of the PSD2 which is the second EU Payments Service Directive.
The original directive was established in 2007 and built on three key areas:
1. Increased consumer rights in payments
2. Regulating third-party access to account information
3. Enhanced security
For the enhanced PSD2, point 3 above, ‘enhanced security’ has paved the way for the new SCA requirements.
In practical terms, (SCA) means consumers making electronic payments need to prove their identity using at least two of the following;
- Something they know (such as a pin code or secure password)
- Something they own (a card, a mobile phone)
- Something they are (biometrics, e.g. fingerprint or iris scan)
SCA is already commonly used throughout Europe, for example when you use your card in a traditional high street store, you are required to use your pin code on the reader. However, if you’re purchasing something online, the remote electronic payment does not require this – whether this is a card payment or a credit transfer from an online bank.
For card and credit transfer payments, SCA is already applied in some EU countries including Belgium, The Netherlands and Sweden. The rest of Europe to date apply SCA on a voluntary basis.
From September 14, 2019 SCA must be used to access one’s payment account and make online payments. Banks and other payment service providers have been aware of PSD2 and the new SCA regulations so have been working on putting the necessary infrastructure in place.
It is hoped that SCA improves fraud management. Rather than this act as a deterrent for purchasing or paying online, it is hoped that this enhanced security will instil more confidence in the consumer – particularly as cyber crime is on the rise.
In cases of fraudulent payments, consumers will be entitled to a full reimbursement. Security will be further enhanced for online payments by linking, via a one-time password, the online transaction to its amount and to the beneficiary of the payment. This ensures that in case of hacking, the information obtained by a potential fraudster or hacker cannot be re-used to initiate another transaction. This procedure is already in application in countries such as Belgium and has led to significant fraud reduction for online payments.
If you collect payments into your business on a regular basis using payment collection services like GoCardless or Paypal, then new infrastructure will have been put in place by those providers. While there is nothing you need to do as a merchant using these payment collection services, it is wise to understand how your payment collection service has changed and implemented SCA.
Over the next few weeks we will bring you the latest news from common payment collection services so you can stay informed about each change.
If you need more information about SCA or advice on how to ensure your business is set up for SCA, get in touch firstname.lastname@example.org