SCA Legislation: What does this mean for you?
Strong Customer Authentication (SCA) legislation applicable from 14th September 2019.
What is SCA?
Strong Customer Authentication (SCA) is a new European regulatory requirement to reduce fraud and make online payments more secure.
The new EU Payments Services Directive (PSD2) took effect in January 2018, bringing in new laws aimed at enhancing consumer rights and reducing online fraud. A key element of PSD2 is the introduction of additional security authentications for online transactions over €30, known as Strong Customer Authentication (SCA). It means customers will no longer be able to checkout online using just their credit or debit card details, they will also need to provide an additional form of identification.
What is the SCA requirement?
PSD2 requires the use of two independent sources of validation by selecting a combination of two out of the three categories (commonly known as the ‘two-factor authentication’): ·
- something you know (e.g. PIN)
- something you have (e.g. card/phone)
- something you are (e.g. fingerprint)
This is applicable to transactions in the European Economic Area (EEA) only, where both payer and payee are in the region.
What does this mean for you?
For iPages customers, no action is required. We are working with each card payment processor to ensure that we are compliant by the deadlines given.
What changes are iPages making for SCA?
iPages works with a number of card payment processors and each have released their most recent guidance on this. We are working to ensure all payment providers guidelines are followed in time for the deadlines given. This could mean changing our API integrations with each payment processor. However, as 3D Secure comes as standard as part of the one-page checkout process for all eCommerce merchants, we are confident we shall meet the compliance requirements.
For more information about your card payment processors latest public guidance, click below. Khoo Systems have also received private advice on how to implement this for each provider.
When is SCA coming into affect?
Until further information is available, we will continue working towards the 14th September deadline. However, the Financial Conduct Authority (FCA) have just confirmed a delay to the enforcement of SCA under the revised Payment Services Directive (PSD2).
This has been in response to concerns about the industry’s preparedness and ability to comply with the new requirements.
MasterCard has issued an advisory recently recommending that the date of the 14th September is postponed as they believe that the industry is not prepared for this to be mandated. We are awaiting further feedback from the parties responsible, that is the Acquirers and Issuers, on whether or not they will heed this advice.
Can we help?
If you would like to discuss SCA compliance with one of our eCommerce team, do not hesitate to get in touch and your account manager would be happy to talk to you.