What is Strong Customer Authentication?

Strong Customer Authentication (SCA) is a measure put into place by the revised Payment Services Directive (PSD2) to make online payments more secure.
This set of regulations requires sellers to verify a shopper's identity before allowing an online purchase to be made. The overall goal is to reduce electronic payment fraud for both customers and retailers.

In this article:

  • Verification methods of SCA
  • How SCA works
  • SumUp and SCA

What are the verification methods of SCA?

The company selling online must confirm the customer’s identification using at least 2 of the following methods:

  • Something the customer has (i.e. phone or tablet)
  • Something the customer is (i.e. facial recognition or fingerprint)
  • Something the customer knows (i.e. PIN or password)

Banks are expected to decline payments that do not utilise this two-factor authentication, effective September 14, 2019.

How does SCA work?

  1. A customer will go to the checkout of a website online or on their mobile phone to pay for a good or service.
  2. They must identify themselves using 2 of the 3 verification methods.
  3. In the cases of remote or mobile transactions, the customer will be sent a unique, one-time verification code to authorise the transaction.
  4. Once the authentication process has been successfully completed, the payment will be processed.

SumUp and SCA

As a regulated financial company, SumUp is obliged to implement SCA standards in the following:

Contactless transactions on our readers

Only contactless transactions over 50 EUR/ GBP will be subject to SCA authentication. Transactions below this amount will not require verification.

Mobile Payments transactions

As Mobile Payments transactions fall under SCA regulations, customers using this method of payment will be subject to SCA verification. If a payment is above 30 EUR/GBP, authentication will be required.

Virtual Terminal transactions

As an over-the-phone payment method, Virtual Terminal transactions are exempt from SCA verification.

While these regulations apply to both cardholder’s banks and the businesses located within the European Economic Area (EEA), we believe these requirements will also apply to the UK, regardless of the outcome of Brexit.

Communicating SCA to your customers:

Whether it’s in your “About us” page on your company website or on a small note in your shop, let your customers know why you’re required to impose SCA regulations. Emphasise the extra layer of security that these measures bring.

Was this article helpful?

Didn't find what you were looking for?

Contact Us

Articles in this section