What is Strong Customer Authentication (SCA)?

Strong customer authentication (SCA) is a requirement of the PSD2. It's a combination of three elements businesses can use to authenticate a payment. The RTS makes strong customer authentication (SCA) the basis for accessing one's payment account, as well as for making payments online.

This means that to prove their identity users will have to provide at least two separate elements out of these three:

• Something they know (a password or PIN code).
• Something they own (a card, a mobile phone).
• Something they are (biometrics, e.g. fingerprint or iris scan).

Strong customer authentication is already commonly used throughout the EU. For example, when customers pay with a card at brick-and-mortar shops they are required to validate a transaction by typing their PIN codes on card readers. However, this is not the case for electronic remote payment transactions, be it a card payment or a credit transfer from an online bank. For these transactions, SCA already is applied in some EU countries only (including Belgium, the Netherlands and Sweden). In other EU countries some payment service providers apply SCA on a voluntary basis.

For more information, please refer to Payment Services Directive (PSD2): Regulatory Technical Standards (RTS) enabling consumers to benefit from safer and more innovative electronic payments