What is Strong Customer Authentication (SCA)?

SCA requires that a customer is authenticated through at least two independent factors when making a card payment:

  1. Something the customer knows, e.g. a PIN or password.
  2. Something the customer has, e.g. a mobile phone or card reader.
  3. Something the customer is, e.g. facial recognition or a fingerprint.

What types of transactions will be affected?

The regulation applies to most card transactions, with a number of key exceptions:

  • Online card payments below £30. Additional security will be required if the customer makes more than five consecutive low-value payments or if the cumulative value exceeds £100.
  • Contactless face-to-face transactions below £50. The cumulative limit of consecutive transactions is £150 and the number of consecutive transactions is limited to five.
  • Mail and telephone orders (MOTO) via a virtual payments gateway.
  • Recurring payments, such as subscriptions, made to the same business for the same amount. Strong Customer Authentication will be required for the initial setup.
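
The low-value online and contactless exceptions above depend on running counters as well as the single-payment limit. The sketch below is an added example, not code from this page or from any card scheme or payment provider; it tracks those counters using the thresholds listed above. It assumes amounts are held in pence, that the counters reset each time SCA is performed, and all names (Limits, ExemptionTracker, decide) are hypothetical.

```python
from dataclasses import dataclass


@dataclass(frozen=True)
class Limits:
    per_payment: int  # exemption applies only to amounts strictly below this (pence)
    cumulative: int   # SCA once the running exempt total would exceed this (pence)
    max_count: int    # SCA once more than this many consecutive exempt payments


# Thresholds taken from the exceptions listed above.
ONLINE = Limits(per_payment=3000, cumulative=10000, max_count=5)
CONTACTLESS = Limits(per_payment=5000, cumulative=15000, max_count=5)


class ExemptionTracker:
    """Tracks consecutive exempt payments for one card and one channel."""

    def __init__(self, limits):
        self.limits = limits
        self.count = 0  # exempt payments since the last SCA
        self.total = 0  # exempt value in pence since the last SCA

    def requires_sca(self, amount):
        """Return True if this payment needs SCA; update the counters."""
        lim = self.limits
        needs_sca = (
            amount >= lim.per_payment                  # not a low-value payment
            or self.count + 1 > lim.max_count          # more than five in a row
            or self.total + amount > lim.cumulative    # cumulative value exceeded
        )
        if needs_sca:
            # Assumption: a completed SCA resets both counters.
            self.count = 0
            self.total = 0
            return True
        self.count += 1
        self.total += amount
        return False


def decide(limits, amounts):
    """Run a sequence of payment amounts (pence) through a fresh tracker."""
    tracker = ExemptionTracker(limits)
    return [tracker.requires_sca(a) for a in amounts]


if __name__ == "__main__":
    # Constructed sample: seven online payments of £20 each.
    print(decide(ONLINE, [2000] * 7))
```
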

What does this mean for my customers?

Customers will be prompted to provide additional information when making certain card payments. The two key payment types affected are face-to-face contactless transactions and online payments exceeding the values shown.

How does this affect my business?

All businesses accepting face-to-face or online card payments will need to comply with SCA by 14th September 2021.

Last updated by Chris Grant (he/him) on 31st December 2020