What is SCA?
Strong Customer Authentication (SCA) is a new regulation that will take effect on September 14th 2019 as part of the PSD2 regulation in Europe and will require changes to how your European customers authenticate online payments. This regulation applies to online payments where the customer’s bank and the business are both in the European Economic Area.
Strong Customer Authentication (SCA) is a core part of the second Payment Services Directive (PSD2) set up by the European Commission as a requirement to reduce online fraud cases and make transactions more secure. This means that any European transaction made online will require an additional authentication on top of existing transaction methods.
SCA requires that businesses use two independent authentication elements to verify payments. In practice, this means adding a new payment step where your customers must confirm their payment using an authentication method like a password, hardware token, or biometric.
The regulation was introduced on 14 September 2019 and a number of European banks may start declining any payments without the additional authentication provided by consumers.
What is PSD2?
PSD2 is the second Payment Services Directive designed by the countries of the European Union. It introduces strict security requirements for the initiation of electronic payments in order to reduce the risk of fraud.
To protect the consumer, PSD2 requires banks to implement multi-factor authentication for transactions performed on any channel, whether remote or proximate. Consumers will have to identify themselves with two of the three categories shown below.
The authentication methods are:
- Personal - a password or PIN code
- Device - smartphone device or digital token
- Biometric - fingerprint or facial recognition
Will I be affected by the Strong Customer Authentication regulation?
This regulation applies to online payments where the customer’s bank and the business are both in the European Economic Area. To check whether the new SCA regulation applies to your company, use the following criteria:
- Your business is based in the European Economic Area (EEA)
- You create payments on behalf of connected accounts based in the EEA
- You serve customers in the EEA
- You accept EU-issued debit/credit cards
Marketplaces whose customers fall under these criteria may start to see an increase in failed transactions after the implementation of the regulation.
If your marketplace is outside of the European Economic Area (EEA), or it does not handle European-based transactions, you will still benefit from the SCA and the PSD2 through the improved UX and better protection against credit card disputes.
Here at Arcadier, we have taken steps to ensure that your marketplace experiences minimal disruption.
Is my Arcadier marketplace compliant?
Payment service providers will be the ones mainly responsible for complying with the SCA regulations. Depending on the payment gateways you are using on Arcadier, you may have to make some adjustments to your transaction flow. You can find details on each of Arcadier’s available payment service providers below:
Stripe integration will be done by Arcadier. All marketplaces with Stripe payments created after 14th September 2019 automatically use Stripe’s new 3DS2 flow.
Custom Payments will depend on the individual payment gateways that you have connected with.
Please make sure to check with your preferred payment gateway whether it supports SCA, and update your redirect URL integration accordingly.
Please ensure that your custom integration is SCA compliant. Check with your payment service provider for more information on whether your specific integration supports SCA.