When it comes to regulation, there are a lot of acronyms thrown around – GDPR, PCI, PSD2. But with a pending March compliance deadline, SCA, or Strong Customer Authentication, now needs to be top of the agenda.
Strong Customer Authentication is a new and vital regulatory requirement for businesses that handle customer payments. In this blog, we’ll dive deeper into what it is, why it matters and how you can maintain compliance.
What is Strong Customer Authentication?
SCA is a new European regulatory requirement designed to reduce fraud by making digital and contactless payments more secure. It requires organisations to build additional checks into their checkout flows to make sure multi-factor authentication takes place.
SCA applies to customer-initiated online card payments where both the merchant’s and cardholder’s bank are located in the European Economic Area. It also applies to contactless offline payments within Europe. Most card payments and all bank transfers will require strong authentication, although recurring direct debits won’t because they’re considered merchant-initiated.
SCA was originally introduced in September 2019 with a view to being enforced across 2020 and 2021. However, in May 2021, the Financial Conduct Authority granted an extension due to the COVID-19 pandemic. Businesses now have until March 2022 to make their e-transactions SCA compliant.
What does Strong Customer Authentication look like in practice?
To be SCA compliant, your authentication procedure needs to include at least 2 of these 3 elements:
- Something the customer KNOWS (like their password or PIN)
- Something the customer HAS (like a one-time code sent to their phone)
- Something the customer IS (like biometric authentication)
You can implement SCA-compliant procedures by integrating technology into your purchasing and transfer workflows.
An Irish Tier 1 Bank, for example, recently introduced one-time passwords using Engage Hub’s technology, adding an extra security layer during the mobile app registration process. Customers receive a one-time password via SMS, which they input into the app. It’s quick and user-friendly, aligning with the SCA compliance elements above while protecting customers and minimising friction.
Why does Strong Customer Authentication matter?
Put simply, fraud is expensive. Breaches bring not only direct financial loss, but also significant fines from regulators, the erosion of customer trust and reputational damage. SCA compliance protects both you and your customers from these hefty losses.
Need help getting the right procedures in place?
Get in touch today to see how we can help you create a secure, compliant, and user-centric customer experience while complying with SCA requirements. Or download our recent whitepaper on how AI-powered technology can help you tackle fraud.