SCA and PSD2

Strong Customer Authorisation (SCA) is an initiative of the European Union to try to protect online shoppers from fraud. PSD2 is the legal directive that makes it mandatory for service suppliers, e.g. payment gateways, to be compliant with SCA. It is thought that SCA will be a requirement in the UK irrespective of the outcome of Brexit. Originally SCA had to be implemented by 14th September 2019, but there is now an 18-month grace period. The “grace period” seems to be a grey area, so our advice would be to become compliant as soon as possible, not least because of the extra level of fraud protection that it gives you and your customers.

In essence, SCA requires that when a European shopper pays for anything online they must provide 2 out of 3 of the following means of authentication:

1. Something they know (e.g. password, PIN)
2. Something they have (mobile phone, wearable device)
3. Something they are (fingerprint, facial features)

This will work similarly to the 3D Secure authentication that payment gateways currently use, but with extra layers of security.

Payment gateways will be allowed to do real-time risk analysis to see if it is necessary to apply SCA, and there are some exemptions, e.g. for transactions of less than €30, so it is hoped that friction will be kept to a minimum.

If you are concerned about how SCA and PSD2 will affect you and your website, you should contact your payment gateway provider to make sure they are compliant and ask whether you will need to update your version of the gateway. Alternatively, you can contact Logic Replace and we will carry out a thorough audit of your site and recommend any steps that you will need to take to be compliant.