What is Strong Customer Authentication (SCA) and how could it affect your business?

Strong customer authentication (SCA) refers to a new type of security that protects consumers from becoming victims of fraud. It's an important concept for any business with customers.

Learn more about this new payment security standard today!

TL;DR Quick summary

  • SCA stands for Strong Customer Authentication.

  • It’s a regulatory requirement aimed to increase the security of electronic payment services in the EU and the UK.

  • To be considered strong, authentication needs to include two out of three factors: knowledge, possession and inherence.

  • SCA adds an extra layer of security and aims to prevent fraud related to online payments.

What is Strong Customer
Authentication (SCA)?

A new requirement on businesses comes into force here in the UK from September 15th. Strong Customer Authentication (SCA) is part of a range of legislation from the EU entitled the second Payments Services Directive (PSD2). 

The main substance of SCA is standards used by merchants to verify that the cardholder has physical possession of their credit card. This makes it much harder for fraudsters to use stolen cards online. Preventing fraud and costly chargebacks will certainly be a positive.

SCA elements

To ensure that you are who you say you are, you may be asked two questions from these 3 forms of identification.

  • Something that the consumer Knows - such as a PIN or a Password

  • Something that the consumer Has - such as a mobile device, a card reader or even a one time code sent to those devices

  • Something that the consumer Is - such as a fingerprint or other biometrics like Face ID

SCA is a requirement for e-commerce stores, which will be enforced in the UK from 14th March 2022. For some larger electronic transactions it is already being used.

Why is SCA necessary?

In 2019, UK card fraud losses were over £620 million according to UK Finance. SCA is just one of the measures taken, which is hoped to reduce that number. Our habits have changed, as we do more transactions online, so our regulations must adapt to beat the fraudsters.

What will SCA mean for businesses?

The changes can be split into two distinct categories of your business;

Online payments/
Customer not present:

Your customers may be asked to confirm their identity with two of the factors we mentioned earlier, during checkout.

SCA elements

In - Person payments:

SCA still applies to payments you make face to face with your customers. Using a chip and pin machine means your business is compliant.

You will find that customers will sometimes be asked to enter their PIN when making contactless payments.

This is part of the SCA regulation and only happens every 5 transactions or when a few contactless transactions reach over £100.

How can Roqqett help?


Roqqett has been designed with Strong Customer Authentication at its very core. By encouraging consumers to pay via their mobile device, we can already ensure two of the three checks that make up SCA - Something they have and Something they are; in this case their mobile device and their biometrics (ie. FaceID).

Roqqett’s fast checkout and the value the consumer feels around that, only helps to make that journey feel smooth and simple. Making this journey as seamless and as secure as possible is the aim of all merchants. New regulations or adding new processes can be painful, we thought we should help. We have put together a guide with some real actions for you to take in your business to ensure that you are up to date.

*Roqqett needs the contact information you provide to us to contact you about our products and services. You may unsubscribe from these communications at any time. For information on how to unsubscribe, as well as our privacy practices and commitment to protecting your privacy, please review our Privacy Policy.
Thank you! Your submission has been received!
Oops! Something went wrong while submitting the form.