Strong Customer Authentication 101

Electronic transactions and payments have become an increasingly common part of our daily lives. 

But at the same time, online users face the ever-growing risk of fraud and identity theft.

That’s why the EU introduced strong customer authentication (SCA) to combat these issues and help businesses protect their users.

What is strong customer authentication?

SCA is an authentication process that uses multi-factor authentication (MFA) to verify the identity of a person who makes a payment or transaction online. SCA was introduced in 2019 by the Payment Services Directive (PSD2) of the European Union. It adds an extra level of protection by ensuring that users rely on two or more of the following authentication factors:

  • Something you know (password or PIN code)
  • Something you have (authentication device)
  • Something you are (biometric features)

The exact authentication factors used depend on the payment service provider at hand.

When is SCA needed and what exemptions are there?

Users are requested to use SCA when an online transaction exceeds the threshold of €30.

However, because SCA makes the experience slower for the user, not all transactions require the SCA process. To maintain a smooth experience and avoid unnecessary friction, there are a few exemptions for using SCA in electronic payments.

The most common SCA exemptions:

  • Online payments and transactions under €30
  • Contactless point-of-sale transactions under €50. 

You can read about all of the SCA exemptions in detail here.

Using electronic identities in SCA

Due to the widespread use of national electronic identities (eIDs), it’s become common practice to use them to verify user identity in SCA. eIDs like Danish MitID or Swedish and Norwegian BankID are often used by banks and other financial institutions to provide secure digital processes for their users.

What are the business benefits of SCA?

1. Reduce fraud and protect users

The introduction of SCA by PSD2 has helped businesses significantly increase their level of security. Adding an extra authentication factor is effective in reducing fraud, since attempts by hackers are 30% to 50% times more likely to be blocked when MFA is activated. 

This helps businesses build secure platforms and payment processes to help their customers feel safe.

2. Improve the user experience

SCA is mandatory for high-value transactions and payments, regardless of company size. That’s why businesses should see it as an opportunity to provide authentication methods where security and user experience work together.

To achieve this, an effective strategy is to allow users to authenticate themselves through a method they already know. In several countries, national eIDs are common authentication methods thanks to their ease of use and a familiar process. Using eIDs for SCA maintains security without compromising the customer journey.

3. Increase trust

Fostering trust online is a crucial aspect for any business looking to grow and improve. Since online transactions and payments are constantly increasing, it’s become crucial to offer services that consumers find safe and reliable. Security is a key element in this, which is why the MFA process in SCA naturally helps companies develop trust.

Summary

PSD2 and SCA successfully help increase the level of security for online consumers.

The EU regulation is here to stay, so it’s up to companies to seize the business opportunities that come with SCA, including reduced fraud, improved user experience, and increased trust. To enjoy these benefits, creating a smooth and simple authentication process is crucial. Adopting an authentication method that is easy and familiar to the users can allow companies to avoid friction and stay competitive.

Author
Our blog

Latest blog posts

The latest industry news, interviews, technologies, and resources.

A Brief History of Privacy

Over the past two decades, the rapid growth of personal data collection has dramatically changed how individuals, organizations, and governments view...

Why Is Everybody Talking About Age Verification for Social Media?

Should social media platforms restrict minors from certain content? Can they do it?

Multi-Factor Authentication: Definition, Use Cases, and Benefits

Traditional single-factor authentication methods, such as usernames and passwords, are increasingly vulnerable to cyberattacks. Multi-Factor...

Sign up for our blog

Stay up to date on industry news and insights