What is Strong Customer Authentication (SCA)?
Strong Customer Authentication is a requirement of the revised Payment Services Directive (PSD2) in Europe, which increases the security of electronic payments. PSD2 has focused on customer protection by providing safer payment services across European borders since 2019.
Along with securing payments, it reduces the risk of fraud in electronic payments through authentication. Here we discuss how it works, its benefits, and other technical details.
How does Strong Customer Authentication work?
SCA uses multi-factor authentication (MFA) to secure electronic payments. There are three main authentication categories:
- Something only that person knows (a PIN code or password)
- Something only that person has (their specific device)
- Something that identifies that person (biometrics such as a fingerprint)
For SCA to succeed, any two of these three categories must be satisfied. Otherwise, the transaction does not proceed. SCA applies to all customer-initiated transactions from banks or credit card companies within the EEA.
When do we need Strong Customer Authentication, and how to authenticate?
There are two main categories of electronic payments. One is known as merchant-initiated, which usually includes debit card payments; this category of electronic payment does not need any authentication.
The other is customer-initiated electronic payments (both online and offline). All of these payments need SCA, especially when the customer's bank and the business's bank are both within the EEA.
How to authenticate
3D Secure is a common authentication standard supported by many European cards. When applied, it adds a step during payment processing in which the bank requests additional information to verify the transaction.
This information can be supplied on the customer's phone as a one-time password (OTP), or the customer may need to authenticate with biometrics inside their banking app.
3D Secure 2 is a newer version that also meets SCA requirements. It uses the same authentication process but changes the flow to reduce friction at checkout.
Exemptions in SCA
When SCA is applied, all payments handled by banks in the EEA need authentication. Although this increases security, low-risk payments may end up with a poor customer experience. So, some payment providers can request exemptions for such low-risk payments.
In that case, the bank is asked to assess the risk level and, depending on the result, either approves the exemption or makes authentication necessary. In this way, high-risk transactions get an additional level of security while low-risk transactions are exempted. Some common examples of exemptions include:
- Transactions with a value lower than £30
- Recurring transactions with the same subscription or business
- Transactions with trusted beneficiaries
- Low-risk transactions assessed in real time by a fraud prevention solution
- Merchant-initiated transactions (excluding the first time a card is saved on file)
What happens when exemptions fail?
There could be a scenario where an exemption fails for a specific transaction. The bank returns a decline code for such a transaction because authentication is missing. The customer then has to reinitiate the transaction with SCA and authenticate to complete it.
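To make the rules above concrete, here is a small decision engine written as an added example for this article (it is not code from any bank, card scheme or payment provider). It models the "two of three factor categories" rule from the MFA section, the exemption list from the previous section, and the decline-then-retry behaviour described here. The threshold value is the £30 figure quoted above; the risk score, the `RISK_THRESHOLD` cut-off, the decline code string and the field names are assumptions chosen for illustration, not values from PSD2 or any real issuer.

```python
from dataclasses import dataclass, field
from enum import Enum
from typing import List, Optional


class Factor(Enum):
    """The three SCA factor categories."""
    KNOWLEDGE = "knowledge"    # something only the customer knows (PIN, password)
    POSSESSION = "possession"  # something only the customer has (their device)
    INHERENCE = "inherence"    # something that identifies the customer (biometrics)


LOW_VALUE_LIMIT = 30      # "transactions with a value lower than 30" (article's threshold)
RISK_THRESHOLD = 0.2      # assumed cut-off for the real-time fraud score (0 = low, 1 = high)
DECLINE_SCA_REQUIRED = "SCA_REQUIRED"  # constructed placeholder for the bank's decline code


@dataclass
class Transaction:
    amount: float
    customer_initiated: bool
    recurring: bool = False
    trusted_beneficiary: bool = False
    first_card_save: bool = False        # first time the card is stored on file
    risk_score: float = 1.0              # assumed output of a fraud-prevention engine
    factors: List[Factor] = field(default_factory=list)  # factors the customer presented


def sca_satisfied(factors: List[Factor]) -> bool:
    """Two *distinct* categories are needed: a password plus a second
    password is still only one category and does not count."""
    return len(set(factors)) >= 2


def exemption_reason(tx: Transaction) -> Optional[str]:
    """Return the exemption that applies, or None when SCA must be performed."""
    if not tx.customer_initiated:
        # Merchant-initiated payments are exempt, except when the card is first saved.
        return None if tx.first_card_save else "merchant_initiated"
    if tx.amount < LOW_VALUE_LIMIT:
        return "low_value"
    if tx.recurring:
        return "recurring"
    if tx.trusted_beneficiary:
        return "trusted_beneficiary"
    if tx.risk_score < RISK_THRESHOLD:
        return "low_risk_tra"  # transaction risk analysis found it low risk
    return None


def authorise(tx: Transaction) -> dict:
    """Decide whether the transaction proceeds, is exempted, or is declined
    so the customer can retry it with full SCA."""
    reason = exemption_reason(tx)
    if reason is not None:
        return {"decision": "approved", "exemption": reason}
    if sca_satisfied(tx.factors):
        return {"decision": "approved", "exemption": None}
    # Exemption failed and the customer has not authenticated: soft decline.
    return {"decision": "declined", "code": DECLINE_SCA_REQUIRED}


def retry_with_sca(tx: Transaction, factors: List[Factor]) -> dict:
    """The customer reinitiates the same transaction, this time presenting factors."""
    return authorise(Transaction(**{**tx.__dict__, "factors": factors}))


if __name__ == "__main__":
    # Constructed sample: a 100-unit online purchase with no authentication yet.
    purchase = Transaction(amount=100, customer_initiated=True)
    first = authorise(purchase)
    print(first)  # declined, SCA_REQUIRED
    print(retry_with_sca(purchase, [Factor.KNOWLEDGE, Factor.POSSESSION]))  # approved
```

The retry path is the one to watch in practice: a decline with a "missing authentication" code is a signal to re-present the payment through the 3D Secure challenge flow, not to retry the exemption request, which would simply fail again.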
Benefits of SCA
Strong Customer Authentication brings several benefits by securing payments. Here are some of the main ones:
- It reduces the chances of fraudulent payments. When SCA is used, only the account holder can verify a transaction, because the authentication factors are personal to them. So, the likelihood of fraud with electronic payments becomes significantly lower.
- With SCA, customers gain added peace of mind and confidence in electronic transactions.
- SCA provides market-wide compliance across the European Economic Area, so users experience the same level of security everywhere.
With all these benefits, SCA does not add much to transaction time; the difference is only a few seconds.
Conclusion
With the increase in electronic payments, there is a significant increase in fraud and scams. Strong Customer Authentication adds a layer of security by using authentication parameters that are personal to the user.