Strong Customer Authentication (SCA)

Strong Customer Authentication (SCA)

If you’re a business owner, chances are you’ve been made aware of strong customer authentication (SCA). It’s about to become an important part of how you do business, so if you haven’t heard of it already, it’s vital to get up to speed so you don’t get lost in the dust and lose business.

What is SCA?

Strong customer authentication is a new European regulatory requirement that will force merchants to have two different ways to verify a customer’s identity. The new regulation will go into effect on September 14, 2019, so there’s not much time left to get on board.

If your business accepts online payments, you’ll be required to have two independent authentication methods to verify that people are who they say they are. This safeguard will be in place to protect customers and businesses from fraud.

What Types of Authentication Will be Accepted?

If a customer isn’t trying to make a fraudulent transaction, the authentication process should be easy because they’ll be able to provide whatever you ask for. The types of authentication accepted include:

  • Something the customer knows
  • Something the customer has
  • Something the customer is

This means that the customer will have to either provide a password they have, be able to provide a verification code sent to another device such as a mobile phone and be able to use a physical identifier like a fingerprint. Any two of these types of authenticators will be sufficient to verify someone is who they say they are.

What Do I Need to Do as a Business?

Most of the SCA process will be done through a 3D Secure 2, which is just an update to the current 3D Secure System. The payment gateway will prompt the customer to provide two of the authentication forms to complete their transaction. If they are unable to do so, they won’t be able to complete their transaction. This may also be a red flag that the person was trying to make a fraudulent transaction.

Systems like Apple Pay or Google Pay already support transactions with a built-in later of authentication either by a biometric or password form. If businesses implement these types of payments, it can be an easy way to comply with the SCA requirement without having to make any changes.

Important Things to Know about SCA

There are several important things to know about SCA before it goes into effect.

Did you know…?

  • Many businesses may be under the assumption that the new SCA regulation only applies to U.S.-based transactions. Not true! SCA will be enforced to customer-initiated online payments within Europe. It doesn’t matter where the merchant is located. SCA even when the acquiring bank or processor is in the European Economic Area (EEA) and the customer’s method of payment is issued in the EEA. If European customers are trying to buy something on your site, SCA will be used.
  • If the payment gateway you’re using as an EEA presence and you’re not ready for the new SCA regulation, payments may get rejected which can result in lost profits. This is another reason to get on board sooner rather than later. Transactions under 30 euros will not require an SCA, but an SCA will be required after the customer makes five transactions or if they are spending over 100 euros.
  • Fixed amount subscriptions should also be exempt from SCA requirements. When recurring payments are made for the same amount to the same businesses, customers shouldn’t be asked to verify their identities.
  • Merchant-initiated transactions may also be exempt. But, for this to happen, the merchant will have to verify the card when the first payment is made and then save the information. Some customers don’t feel comfortable with this process so this may not work for some businesses.
  • Customers may also have the option to “white list” businesses that they trust to avoid the authentication process in the future. The bank will have this list from the customer so that when a transaction is made, the authentication process will not be activated, but the transaction will still be allowed. This feature is not expected to be implemented by many banks in the beginning, as they will just be getting used to the feature and will want to play by the rules to make sure there are no fraudulent activities. As merchants and banks get used to the process, some banks may allow customers to add a “white list” to their accounts.

The Bottom Line with SCA

The biggest takeaway with strong customer authentication is that it is being put in place to prevent fraudulent transactions. Fraudulent transactions are not only a headache for business owners, but also for customers who often experience their accounts being suspended as the transactions are investigated.

SCA is not meant to be a headache. It should be viewed as a welcomed extra line of security when it comes to protecting payments. As a business owner, you want all of your transactions to go smoothly and SCA is one way to make sure that gets done.

If you don’t have the proper payment gateways in place, it’s vital to get that done so that you don’t experience an interruption in your business or any unnecessary headaches.

If you want to make sure your website is SCA compliant, let Portside Marketing help. We will not only design and update your website, but will also make sure you have the right payment gateways in place for the upcoming SCA regulation. Portside Marketing can also help when it comes to other tasks like search engine optimization and local and directory searches. We are a full-service marketing agency equipped with experienced staff that can get the job done.

Contact us today at (972) 979-9316 to get started. Find out why so many companies trust Portside Marketing for all of their marketing needs!