Strong Customer Authentication (SCA) is a requirement introduced in the EU’s Revised Payment Services Directive (PSD2) for authenticating online payments. It requires banks to request additional forms of validation to confirm someone’s identity in order to complete online transactions.
Under PSD2, electronic payments must be performed with multi-factor authentication in order to increase security.
SCA has drawn some criticism for adding friction to online payments.
Strong Customer Authentication (SCA) means an authentication based on the use of two or more elements categorized as:
- knowledge (information which is only known to the customer),
- possession (items which are only in the possession of the customer) and
- inherence (biometric features that identify the customer).
These elements are independent, in that the breach of one does not compromise the reliability of the others.
Unless a transaction is out of scope or an exemption applies, providers must apply SCA when a customer:
- accesses their payment account online;
- initiates an electronic payment transaction; or
- carries out any action through a remote channel which may imply a risk of payment fraud or other abuses.
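
The definition and the trigger list above can be expressed as a policy check. The following is an added example, not code from PSD2 or any provider. The action labels and the `breach_domain` field are hypothetical, and the example assumes the two elements must come from different categories.

```python
from dataclasses import dataclass
from itertools import combinations

CATEGORIES = {"knowledge", "possession", "inherence"}
# Hypothetical labels for the three triggering actions in the list above.
SCA_ACTIONS = {"account_access", "payment_initiation", "risky_remote_action"}

@dataclass(frozen=True)
class Element:
    name: str
    category: str       # one of CATEGORIES
    breach_domain: str  # assumption: the single thing whose breach defeats it

def sca_required(action, out_of_scope=False, exemption=False):
    """SCA applies to a listed action unless out of scope or exempt."""
    return action in SCA_ACTIONS and not (out_of_scope or exemption)

def satisfies_sca(verified):
    """Return (ok, reason) for the elements the customer has just passed."""
    for e in verified:
        if e.category not in CATEGORIES:
            return False, f"unknown category: {e.category}"
    # Two elements suffice, so look for any pair that differs in category
    # and does not share a breach domain (the independence condition).
    for a, b in combinations(verified, 2):
        if a.category != b.category and a.breach_domain != b.breach_domain:
            return True, f"{a.name} + {b.name}"
    if len({e.category for e in verified}) < 2:
        return False, "fewer than two categories"
    return False, "elements are not independent"

# Constructed sample elements; the breach_domain values are illustrative.
PASSWORD = Element("password", "knowledge", "customer-memory")
PIN = Element("pin", "knowledge", "customer-memory")
TOKEN = Element("hardware-token", "possession", "token")
# Constructed case: assessed as falling to the same breach as TOKEN.
FACE = Element("face-match", "inherence", "token")

if __name__ == "__main__":
    for combo in ([PASSWORD, PIN], [TOKEN, FACE],
                  [PASSWORD, TOKEN], [FACE, TOKEN, PIN]):
        print([e.name for e in combo], satisfies_sca(combo))
```

Two knowledge elements fail on category count, while two elements from different categories that share a breach domain fail on independence even though a simple factor count would accept them.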