A Comprehensive Guide Of SCA Regulations For PSD2


One of the most important parts of PSD2 is Strong Customer Authentication (SCA), which is needed to provide ID verification for customers and drastically cut down on online transaction fraud. Strong customer authentication solutions define a path for businesses to follow in order to meet all of the standards. It offers clients a seamless and secure experience. To be clear, SCA’s major focus is on maximizing both the safety of transactions and the quality of the experience for end users.

The Timeline of Strong Customer Authentication

On September 14th, EU member countries adopted PSD2 and brought SCA with them. In the end, the year 2020 was selected as the start of implementation. Due to differences in preparation and implementation, each country has adopted a unique strategy.

An additional year, until March 14, 2022, was already granted to the United Kingdom’s eCommerce and banking industries. However, only 44% of eCommerce and online storefronts can qualify for SCA installations. In the UK, 37% of online shoppers had to go to a different store in order to complete their purchases.

Two-factor Authentication Is The Current Industry Standard

When it comes to authenticating a user’s identity, Two-Factor Authentication (2FA) is the safest and most dependable option. Multi-Factor Authentication (MFA) is another name for it.

Two-factor authentication (2FA) adds an extra layer of security to prevent fraud and keep users’ data safe. An attacker can try to take over a Facebook account, for instance, simply by obtaining the account’s login details. Two-factor authentication is useful here because the attacker is likely using a device that isn’t normally associated with the account.

For this reason, Facebook will not allow access and will instead send an email containing a link to verify the user’s identity to the address associated with the account. Because the hacker needs to supply two different pieces of information, their work is made more difficult.

Linkages in Structure

When people talk about “remote payment transactions,” they usually mean online purchases. To further protect SCA members, TPPs must use “dynamic linkage” to associate each transaction with the payment value and receiver specified in the transaction. 

When doing transactions with the TPP, the customer will need a special token or authentication number. A new validation code will be needed to complete the transfer if either the payee or the total amount due is changed.

Therefore, if someone wishes to purchase groceries online, they must be aware of the total price of their cart, including all applicable taxes and levies. Customers should also be informed as to which eateries will benefit from their purchases. 

An authorization code sent to the customer’s mailing address is then used to complete the transaction. Obtaining an authorization number for each change is required before the TPP will approve a transaction.
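The binding described above can be shown in a few lines. This is an added example, not code from the original article: the `DynamicLinker` class, the HMAC-SHA-256 construction and the sample key are assumptions chosen for illustration. Each code is computed over the amount, the payee and a single-use nonce, so a code issued for one transaction does not verify for a changed one.

```python
import hashlib
import hmac
import secrets


def canonical(amount_cents: int, currency: str, payee: str, nonce: str) -> bytes:
    """Length-prefix each field so one field cannot bleed into the next."""
    out = b""
    for field in (str(amount_cents), currency, payee, nonce):
        raw = field.encode("utf-8")
        out += len(raw).to_bytes(2, "big") + raw
    return out


class DynamicLinker:
    """Hypothetical issuer-side helper: single-use codes bound to amount and payee."""

    def __init__(self, key: bytes):
        self._key = key
        self._pending = set()  # nonces of codes issued but not yet used

    def _code(self, amount_cents, currency, payee, nonce) -> str:
        msg = canonical(amount_cents, currency, payee, nonce)
        return hmac.new(self._key, msg, hashlib.sha256).hexdigest()[:16]

    def issue(self, amount_cents: int, currency: str, payee: str):
        """Return (nonce, code) for exactly this amount and payee."""
        nonce = secrets.token_hex(16)
        self._pending.add(nonce)
        return nonce, self._code(amount_cents, currency, payee, nonce)

    def verify(self, nonce, code, amount_cents, currency, payee) -> bool:
        """Check the code against the transaction about to be executed."""
        if nonce not in self._pending:
            return False  # unknown or already used
        self._pending.discard(nonce)  # consumed even if the check fails
        expected = self._code(amount_cents, currency, payee, nonce)
        return hmac.compare_digest(expected, code)


if __name__ == "__main__":
    linker = DynamicLinker(b"constructed-demo-key")  # constructed sample key
    nonce, code = linker.issue(4599, "EUR", "Grocer Ltd")
    print(linker.verify(nonce, code, 4599, "EUR", "Grocer Ltd"))  # unchanged
    nonce, code = linker.issue(4599, "EUR", "Grocer Ltd")
    print(linker.verify(nonce, code, 9999, "EUR", "Grocer Ltd"))  # amount changed
```

The nonce is consumed on the first verification attempt, so a captured code cannot be replayed or used to probe other amounts.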

Some Possible Exceptions To The SCA Requirements

With a few exceptions, stringent customer verification is necessary for the vast majority of online or remote transactions. The strict consumer verification criteria imposed by the new law may not apply to certain low-risk payments. If the payment processor needs the customer’s bank’s permission to make an exception, the customer’s financial institution has the final say.

Most Frequent SCA Exemptions

  • A Low-Risk Transaction

Depending on the payment provider’s real-time risk assessment, SCA may or may not be applied to a transaction. For this to be legal, the supplier or bank in question must have a card fraud rate that is significantly lower than the industry standard.

  • Low-interest Payments Up to €30

SCA might not apply if the total price of the transaction is less than 30 euros. After 5 exemptions in a row or when the total sum of exempted transactions exceeds 100 euros, banks are still required to verify the transactions.

  • Fixed-price Memberships

SCA is only applied to the initial payment of a fixed-amount subscription when a customer initiates the subscription. SCA is not required to process monthly payments to the same company for the same amount.

  • Business Transactions

Any use of a discount card that occurs outside of the checkout process may be considered a merchant-initiated transaction, which is not covered by SCA and requires separate processing. 

No matter how often a consumer makes a purchase, they will always have to re-enter their credit card details for this particular transaction. Like any other exclusion, this one is subject to the bank’s final approval.

  • Trusted Beneficiaries

A customer may choose to designate an entity as a “trusted beneficiary” at the initial phase of the payment verification process. Once a company is added to this list, it will no longer need to submit SCA paperwork whenever it makes a transaction.

  • Direct-to-Consumer Telemarketing

If the card information is obtained over the phone, the transaction comes under “mail order and telephone orders,” which do not require SCA. The bank has final authority over the proper designation, as with any other type of transaction.

  • Corporate Expenditures

A sector where this practice is widespread is the travel business, where online travel agencies often use corporate credit cards to monitor and control employee trip expenditures.
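The €30 exemption in the list above depends on state kept per customer: the number of exempted payments in a row and their running total. The following added example (not from the original article) tracks both. The `LowValueCounter` name, the reset of both counters once SCA is performed, and the treatment of exactly €30.00 as exempt are assumptions.

```python
from dataclasses import dataclass

# Limits as stated in the article, in euro cents.
SINGLE_LIMIT = 3000       # one payment: 30 euros (exactly 30.00 exempt: assumption)
CUMULATIVE_LIMIT = 10000  # running total of exempted payments: 100 euros
MAX_IN_A_ROW = 5          # exempted payments in a row


@dataclass
class LowValueCounter:
    """Hypothetical per-customer state for the low-value exemption."""
    exempt_count: int = 0
    exempt_total: int = 0

    def requires_sca(self, amount_cents: int) -> bool:
        """Decide for the next payment and update the counters."""
        too_large = amount_cents > SINGLE_LIMIT
        too_many = self.exempt_count >= MAX_IN_A_ROW
        too_much = self.exempt_total + amount_cents > CUMULATIVE_LIMIT
        if too_large or too_many or too_much:
            # Assumption: the customer completes SCA, which resets both counters.
            self.exempt_count = 0
            self.exempt_total = 0
            return True
        self.exempt_count += 1
        self.exempt_total += amount_cents
        return False


def decide_sequence(amounts_cents):
    """Run a list of payments through one fresh counter."""
    counter = LowValueCounter()
    return [counter.requires_sca(a) for a in amounts_cents]


if __name__ == "__main__":
    # Constructed sample payments, in cents.
    print(decide_sequence([1000] * 7))                # sixth payment needs SCA
    print(decide_sequence([2900, 2900, 2900, 2900]))  # fourth would pass 100 euros
```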
