SCA stands for Strong Customer Authentication.
It’s a regulatory requirement aimed to increase the security of electronic payment services in the EU and the UK.
To be considered strong, authentication needs to include two out of three factors: knowledge, possession and inherence.
SCA adds an extra layer of security and aims to prevent fraud related to online payments.
A new requirement on businesses comes into force here in the UK from September 15th. Strong Customer Authentication (SCA) is part of a range of legislation from the EU entitled the second Payments Services Directive (PSD2).
The main substance of SCA is standards used by merchants to verify that the cardholder has physical possession of their credit card. This makes it much harder for fraudsters to use stolen cards online. Preventing fraud and costly chargebacks will certainly be a positive.
To ensure that you are who you say you are, you may be asked two questions from these 3 forms of identification.
Something that the consumer Knows - such as a PIN or a Password
Something that the consumer Has - such as a mobile device, a card reader or even a one time code sent to those devices
Something that the consumer Is - such as a fingerprint or other biometrics like Face ID
SCA is a requirement for e-commerce stores, which will be enforced in the UK from 14th March 2022. For some larger electronic transactions it is already being used.
In 2019, UK card fraud losses were over £620 million according to UK Finance. SCA is just one of the measures taken, which is hoped to reduce that number. Our habits have changed, as we do more transactions online, so our regulations must adapt to beat the fraudsters.
The changes can be split into two distinct categories of your business;
Your customers may be asked to confirm their identity with two of the factors we mentioned earlier, during checkout.
SCA still applies to payments you make face to face with your customers. Using a chip and pin machine means your business is compliant.
You will find that customers will sometimes be asked to enter their PIN when making contactless payments.
This is part of the SCA regulation and only happens every 5 transactions or when a few contactless transactions reach over £100.
Roqqett has been designed with Strong Customer Authentication at its very core. By encouraging consumers to pay via their mobile device, we can already ensure two of the three checks that make up SCA - Something they have and Something they are; in this case their mobile device and their biometrics (ie. FaceID).
Roqqett’s fast checkout and the value the consumer feels around that, only helps to make that journey feel smooth and simple. Making this journey as seamless and as secure as possible is the aim of all merchants. New regulations or adding new processes can be painful, we thought we should help. We have put together a guide with some real actions for you to take in your business to ensure that you are up to date.