In September 2019, Strong Customer Authentication (SCA), a new way of authenticating online payments, will be rolled out across Europe, as part of the Second Payment Services Directive (PDS2). One of the key aims of SCA is to reduce the incidence of payer fraud and increase security, by introducing two-factor authentication on electronic payments.
Frequently asked questions
- What is Strong Customer Authentication (SCA)?
- Who is responsible for SCA?
- What is the aim of SCA?
- When does SCA come into force?
- Does it apply to GoCardless?
- Does it apply to other payment methods?
- Will the SCA initiative impact my use of GoCardless?
What is Strong Customer Authentication (SCA)?
Strong Customer Authentication (SCA) is a new regulation for authenticating online payments, which will be rolled out across Europe as part of the Second Payment Services Directive (PDS2).
It involves applying strong two-factor authentication for actions such as accessing accounts, making electronic payments, and/or other actions that imply a risk of fraud.
The authentication factors must consist of two of the following:
- Knowledge (something only the user knows e.g. a password - cannot be CVV2).
- Possession (something only the user possesses e.g. a one-time code).
- Inherence (something the user is e.g. a fingerprint).
Who is responsible for SCA?
SCA is applied by the Payer’s Payment Service Provider (PSP), inc. third party providers, and ultimately the Payer’s ASPSP (bank/account provider).
Importantly, this means that in the vast majority of cases, where a card payment is taking place, it is the payer’s bank that will decide the user experience.
What is the aim of SCA?
One of the key aims of SCA is to reduce the incidence of payer fraud and increase security, by introducing two-factor authentication on electronic payments.
When does SCA come into force?
19 September 2019.
Does SCA apply to GoCardless?
SCA does not apply to payments taken through GoCardless. This is because Direct Debit payments are ‘payee-initiated’ and SCA only applies to payer-initiated payments.
Does it apply to other payment methods?
Yes, SCA does apply to a single electronic card transaction. It applies to the initial setup of recurring variable payments and Continuous Payment Authority, but there is some debate over whether it applies to the actual regular charging of the variable recurring payments. Current FCA guidance says no.
Will the SCA initiative impact my payment collections?
SCA will not impact your payment collections through GoCardless as Direct Debit payments are 'payee-initiated'.
However, it is expected to impact card payments as additional processing requirements might mean it will be more expensive for the issuing bank to process a transaction.
We recommend seeking clarification on this from your card payment service provider if applicable.